Revision comparison; edit by Ptheriault (talk | contribs), no edit summary on either revision.
| Line 21: | Line 21: | ||
Users should be able to discover, installed, run, update and uninstall application as they see fit. These applications should be able to run offline. Users should also be able to manage the security and privacy relevant settings for those applications, potentially at different phases of the apps lifecycle (at install, at runtime, independently). | Users should be able to discover, installed, run, update and uninstall application as they see fit. These applications should be able to run offline. Users should also be able to manage the security and privacy relevant settings for those applications, potentially at different phases of the apps lifecycle (at install, at runtime, independently). | ||
|Feature dependencies=Heavily dependent on the Open Web Apps security model and ecosystem (including Marketplace), and on BrowserID as well. | |Feature dependencies=Heavily dependent on the Open Web Apps security model and ecosystem (including Marketplace), and on BrowserID as well. | ||
|Feature requirements=*An app store needs to be able to approve an application, implying they can verify the integrity and authenticity of the app | |Feature requirements=*An app store needs to be able to approve an application, implying they can verify the permissions, integrity and authenticity of the app | ||
*App store needs to be able to revoke an app | |||
*A user needs to be able to make a trust decision at install time, so they also need to be able to verify the authenticity, integrity and privileges of an app | *A user needs to be able to make a trust decision at install time, so they also need to be able to verify the authenticity, integrity and privileges of an app | ||
*An store app must be able to set the default permissions for an app | *An store app must be able to set the default permissions for an app | ||
*User has control of the permissions of the app throughout its lifecycle, | *User has control of the permissions of the app throughout its lifecycle, overriding those set by the app store if desired | ||
*Apps should be able to discover their privileges and degrade gracefully in a limited privilege environment | *Apps should be able to discover their privileges and degrade gracefully in a limited privilege environment | ||
*Permissions need to be expressed to the user in a way that they can realistically be expected to comprehend (perhaps with options for power-users) | *Permissions need to be expressed to the user in a way that they can realistically be expected to comprehend (perhaps with options for power-users) | ||
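Review bot: The new wording "User has control of the permissions of the app throughout its lifecycle, overriding those set by the app store if desired" is unconditional, but the unchanged requirement under Line 30 says the ability to grant certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties; qualify the override so it applies only to permissions the OS allows the store and the user to set, otherwise the two requirements contradict each other. The added "App store needs to be able to revoke an app" should also say whether revocation reaches copies already installed on devices or only removes the listing, since only the former acts as a security control. Minor: "An store app must be able to set the default permissions" should read "An app store", and "discover, installed, run" should read "discover, install, run"; both typos are present on both sides of the diff.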
| Line 30: | Line 31: | ||
*Apps should not be vulnerable to common web vulnerabilities when granted significant privileges | *Apps should not be vulnerable to common web vulnerabilities when granted significant privileges | ||
*Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties | *Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties | ||
|Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements. | |Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements. | ||
|Feature functional spec=A threat model is being documented here: https://wiki.mozilla.org/B2G_App_Security_Model/Threat_Model | |Feature functional spec=A threat model is being documented here: https://wiki.mozilla.org/B2G_App_Security_Model/Threat_Model | ||
WebAPI permissions manager implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=707625 | |||
}} | }} | ||
{{FeatureInfo | {{FeatureInfo | ||
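Review bot: The functional spec field now links a threat model and the WebAPI permissions manager bug (707625) but still contains no spec text of its own; add a sentence stating what bug 707625 is expected to implement relative to the requirements above (at least store-set default permissions and the user's ability to override them), so a reader can tell which requirements have an implementation tracking them and which, such as app revocation, do not yet.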