MozillaWiki

B2G App Security Model: Difference between revisions

Page Discussion

B2G App Security Model (view source)

Revision as of 18:35, 22 November 2013

64 bytes removed ,  22 November 2013
no edit summary
No edit summary
No edit summary
 
(6 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{FeatureStatus
{{FeatureStatus
|Feature name=B2G App Security Model
|Feature name=B2G App Security and Privacy Model
|Feature stage=Draft
|Feature stage=Complete
|Feature status=Complete
|Feature version=B2G 1.0
|Feature version=B2G 1.0
|Feature health=OK
|Feature health=OK
Line 7: Line 8:
{{FeatureTeam
{{FeatureTeam
|Feature product manager=Lucas Adamski
|Feature product manager=Lucas Adamski
|Feature feature manager=Lucas Adamski
|Feature lead engineer=Jonas Sicking, Chris Jones
|Feature lead engineer=Jonas Sicking, Chris Jones
|Feature security lead=Paul Theriault
|Feature security lead=Paul Theriault
|Feature privacy lead=Sid Stamm
}}
}}
{{FeaturePageBody
{{FeaturePageBody
Line 51: Line 54:
*Apps should not be vulnerable to common web vulnerabilities when granted significant privileges
*Apps should not be vulnerable to common web vulnerabilities when granted significant privileges
*Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties
*Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties
|Feature non-goals=This document does not try to define the broader B2G security model, nor does it define the Open Web Apps security model even though we expect that B2G will contain a superset of the latter's requirements.
|Feature functional spec=The current state of the application security model is located here: [[Apps/Security]]
|Feature functional spec=A threat model is being documented here: [[B2G_App_Security_Model/Threat_Model]]


A full analysis of the requirements and associated proposals is being documented here: [[Apps/Security]]
A threat model is being documented here: [[B2G_App_Security_Model/Threat_Model]]


WebAPI permissions manager implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=707625
WebAPI permissions manager implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=707625
Line 62: Line 64:
* Multiple App stores  
* Multiple App stores  
* Apps are peers to their native equivalents from an experience standpoint
* Apps are peers to their native equivalents from an experience standpoint
* Four types of web applications
}}
}}
{{FeatureInfo
{{FeatureInfo
Line 68: Line 71:
|Feature roadmap=Security
|Feature roadmap=Security
|Feature secondary roadmap=Gecko
|Feature secondary roadmap=Gecko
|Feature engineering team=Security
}}
}}
{{FeatureTeamStatus
{{FeatureTeamStatus
Sidstamm
canmove, Confirmed users
1,537

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/419758...768553"