WebAPI/Security/Battery: Difference between revisions
Ptheriault (talk | contribs) (Created page with " Name of API: Battery API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678694 http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html Note from spec: The API def...") |
No edit summary |
||
| Line 1: | Line 1: | ||
Name of API: Battery API | |||
Reference: | |||
*https://bugzilla.mozilla.org/show_bug.cgi?id=678694 | |||
http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html | *http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html | ||
Note from spec: | Note from spec:<br> | ||
The API defined in this specification is used to determine the battery | The API defined in this specification is used to determine the battery | ||
status of the hosting device. The information disclosed has minimal | status of the hosting device. The information disclosed has minimal | ||
| Line 12: | Line 13: | ||
Brief purpose of API: | Brief purpose of API: | ||
Inherent threats:Fingerprinting, abuse of battery? | General Use Cases: Adjust app behavior based upon power status | ||
Inherent threats: Fingerprinting, abuse of battery? | |||
Threat severity: | Threat severity: Low | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use | Use cases: Same | ||
Authorization model for normal content: Implicit | Authorization model for normal content: Implicit | ||
Authorization model for installed content: Implicit | Authorization model for installed content: Implicit | ||
Potential mitigations: None | Potential mitigations: None | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases:Same | Use cases: Same | ||
Authorization mode: Implicit | Authorization mode: Implicit | ||
Potential mitigations:None | |||
Potential mitigations: None | |||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases: Same | Use cases: Same | ||
Authorization model:Implicit | |||
Potential mitigations:None | Authorization model: Implicit | ||
Potential mitigations: None | |||
Note: Should have a setting to disable this in privacy settings | Note: Should have a setting to disable this in privacy settings | ||
Revision as of 06:16, 31 July 2012
Name of API: Battery API
Reference:
- https://bugzilla.mozilla.org/show_bug.cgi?id=678694
- http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
Note from spec:
The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.
Brief purpose of API:
General Use Cases: Adjust app behavior based upon power status
Inherent threats: Fingerprinting, abuse of battery?
Threat severity: Low
Regular web content (unauthenticated)
Use cases: Same
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: None
Trusted (authenticated by publisher)
Use cases: Same
Authorization mode: Implicit
Potential mitigations: None
Certified (vouched for by trusted 3rd party)
Use cases: Same
Authorization model: Implicit
Potential mitigations: None
Note: Should have a setting to disable this in privacy settings