Push API: Difference between revisions
Jump to navigation
Jump to search
Full Query
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 9: | Line 9: | ||
}} | }} | ||
{{SecReview | {{SecReview | ||
|SecReview feature goal=Background documentation: <br> | |SecReview feature goal=<b>Background documentation:</b> <br> | ||
* https://www.dropbox.com/s/xa3gqxyd7ycpw0y/Push%20notification%20server%20APIs.docx | * https://www.dropbox.com/s/xa3gqxyd7ycpw0y/Push%20notification%20server%20APIs.docx | ||
* https://bugzilla.mozilla.org/show_bug.cgi?id=776501 | * https://bugzilla.mozilla.org/show_bug.cgi?id=776501 | ||
<b>Overview of feature:</b><br> | |||
* allow a Web App to recieve notifications via a push mechanism | * allow a Web App to recieve notifications via a push mechanism | ||
* Carrier provides a Notification server which stores and forwards all the messages to client on behalf of the application server | * Carrier provides a Notification server which stores and forwards all the messages to client on behalf of the application server | ||
<b>Normal flow of actions<b><br> | |||
<b>Normal flow of actions</b><br> | |||
(see linked document above for further detail) | (see linked document above for further detail) | ||
# User powers on the handset | # User powers on the handset | ||
| Line 28: | Line 31: | ||
# When app wants to push, the app server sends a post to the URL provided | # When app wants to push, the app server sends a post to the URL provided | ||
<b>Actors & communication<b><br> | <b>Actors & communication</b><br> | ||
Web App<-->Gecko<-->Notification Server (carrier)<--> Application Server (developer) | Web App<-->Gecko<-->Notification Server (carrier)<--> Application Server (developer) | ||
| Line 41: | Line 44: | ||
- https POST API | - https POST API | ||
Application Server | Application Server | ||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||
|SecReview action item status=None | |SecReview action item status=None | ||
}} | }} | ||
Revision as of 02:45, 1 September 2012
Please use "Edit with form" above to edit this page.
Item Reviewed
| Push API | |||||||||
| Target | * https://www.dropbox.com/s/xa3gqxyd7ycpw0y/Push%20notification%20server%20APIs.docx
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%); |
||||||||
{{#set:SecReview name=Push API |SecReview target=* https://www.dropbox.com/s/xa3gqxyd7ycpw0y/Push%20notification%20server%20APIs.docx
| ID | Summary | Priority | Status |
|---|---|---|---|
| 776501 | [Security Review] Push Notification API | P4 | RESOLVED |
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);
}}
Introduce the Feature
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
Background documentation:
- https://www.dropbox.com/s/xa3gqxyd7ycpw0y/Push%20notification%20server%20APIs.docx
- https://bugzilla.mozilla.org/show_bug.cgi?id=776501
Overview of feature:
- allow a Web App to recieve notifications via a push mechanism
- Carrier provides a Notification server which stores and forwards all the messages to client on behalf of the application server
Normal flow of actions
(see linked document above for further detail)
- User powers on the handset
- First app that wants a PUSH API
- App asks gecko to listen to push messages
- Gecko if not previously connected, registers itself as a UA with notification server
- Gecko registers the Web App, (token and public key)
- Notification server stores this information in database, and generates a url to send back to UA.
- Gecko send url to Web App
- Web App sends url to App server
- When app wants to push, the app server sends a post to the URL provided
Actors & communication
Web App<-->Gecko<-->Notification Server (carrier)<--> Application Server (developer)
Communication Web App
< - register(WAToken, pbk)->
Gecko (user agent)
- https GET (retrieve UAToken) - web socket connection (Register UA, register WA, getAllMessages, ACK) - udp datagram Wakeup packet
Notification Server
- https POST API
Application Server
What solutions/approaches were considered other than the proposed solution?
`
Why was this solution chosen?
`
Any security threats already considered in the design and why?
`
Threat Brainstorming
'
{{#set: SecReview feature goal=Background documentation:
- https://www.dropbox.com/s/xa3gqxyd7ycpw0y/Push%20notification%20server%20APIs.docx
- https://bugzilla.mozilla.org/show_bug.cgi?id=776501
Overview of feature:
- allow a Web App to recieve notifications via a push mechanism
- Carrier provides a Notification server which stores and forwards all the messages to client on behalf of the application server
Normal flow of actions
(see linked document above for further detail)
- User powers on the handset
- First app that wants a PUSH API
- App asks gecko to listen to push messages
- Gecko if not previously connected, registers itself as a UA with notification server
- Gecko registers the Web App, (token and public key)
- Notification server stores this information in database, and generates a url to send back to UA.
- Gecko send url to Web App
- Web App sends url to App server
- When app wants to push, the app server sends a post to the URL provided
Actors & communication
Web App<-->Gecko<-->Notification Server (carrier)<--> Application Server (developer)
Communication Web App
< - register(WAToken, pbk)->
Gecko (user agent)
- https GET (retrieve UAToken) - web socket connection (Register UA, register WA, getAllMessages, ACK) - udp datagram Wakeup packet
Notification Server
- https POST API
Application Server |SecReview alt solutions=' |SecReview solution chosen=' |SecReview threats considered=' |SecReview threat brainstorming=' }}
Action Items
| Action Item Status | None |
| Release Target | ` |
| Action Items | |
| ' | |
{{#set:|SecReview action item status=None
|Feature version=` |SecReview action items=` }}