B2G App Security Model: Difference between revisions

Line 35: Line 35:


This feature page is tracking these requirements independently of the general Mozilla Open Web Apps security model even though we expect the models to be compatible, since B2G has specific issues that need to be considered in addition to browser-hosted applications.
This feature page is tracking these requirements independently of the general Mozilla Open Web Apps security model even though we expect the models to be compatible, since B2G has specific issues that need to be considered in addition to browser-hosted applications.
|Feature users and use cases=Users may obtain apps from a Mozilla application store, vendor or carrier application store, or other 3rd party stores.  Some of these apps may have special privileges (such as a phone dialer) that may require additional controls.
|Feature users and use cases=Users may obtain apps from a number of different stores, including a Mozilla application store, vendor or carrier application store, or other 3rd party stores.  Some of these apps may have special privileges (such as a phone dialer) that may require additional controls or extra authentication.


Users should be able to discover, installed, run, update and uninstall application as they see fit.  These applications should be able to run offline.  Users should also be able to manage the security and privacy relevant settings for those applications, potentially at different phases of the apps lifecycle (at install, at runtime, independently).
Users should be able to discover, installed, run, update and uninstall application as they see fit.  These applications should be able to run offline.  Users should also be able to manage the security and privacy relevant settings for those applications, potentially at different phases of the apps lifecycle (at install, at runtime, independently).
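Review bot: In the revised "Feature users and use cases" line, "or extra authentication" does not say who or what is being authenticated (the user, the app, or the store that supplied it), so the requirement cannot be checked as written; suggest naming the party and the lifecycle phase where the check applies. The unchanged context line after it still reads "discover, installed, run, update and uninstall application", which should be "discover, install, run, update and uninstall applications" and could be fixed in the same revision.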
Line 50: Line 50:
*Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties
*Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties
|Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements.
|Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements.
|Feature functional spec=A threat model is being documented here: https://wiki.mozilla.org/B2G_App_Security_Model/Threat_Model
|Feature functional spec=Functional specs are TBD.
 
A threat model is being documented here: https://wiki.mozilla.org/B2G_App_Security_Model/Threat_Model


WebAPI permissions manager implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=707625
WebAPI permissions manager implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=707625