NSEC (New Security Model): Difference between revisions
Latest revision as of 21:08, 6 November 2015

Program Description
The New Security Model program is a project to change our underlying security infrastructure to allow more 3rd party development.
Product Requirements:
- Enable exposing "sensitive APIs" to 3rd party developers.
- Use the same update and security model for Gaia and for 3rd party content.
- Don't require content which uses "sensitive APIs" to be installed. Users should be able to simply browse to it.
- Don't have separate cookie jars for separate apps, at least for normal content which doesn't use "sensitive APIs".
- Ensure that content which uses "sensitive APIs" always runs in a separate process. Enforce in the parent process that only these separate processes can trigger "sensitive APIs". I.e. hacking a child process should not permit access to more sensitive APIs.
- Enable content which uses "sensitive APIs" to have normal http(s) URLs such that they can use OAuth providers like Facebook.
- Enable content which uses "sensitive APIs" to use service workers.
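
The parent-side enforcement requirement above, sketched as an added example (not Gecko or Gaia code): the parent records at launch whether a child process hosts content that uses "sensitive APIs" and checks only that record when a request arrives. `ParentBroker`, the API names, the message shape and the example origins are all hypothetical.

```javascript
// Added illustration; ParentBroker, SENSITIVE_APIS and the message shape are hypothetical.

// Hypothetical names for APIs the parent treats as sensitive.
const SENSITIVE_APIS = new Set(["telephony.dial", "contacts.read"]);

class ParentBroker {
  constructor() {
    this.children = new Map(); // pid -> { origin, sensitive }; state owned by the parent only
    this.nextPid = 1;
  }

  // The parent decides at launch whether a process hosts sensitive content.
  spawnChild(origin, { sensitive }) {
    const pid = this.nextPid++;
    this.children.set(pid, Object.freeze({ origin, sensitive: Boolean(sensitive) }));
    return pid;
  }

  // `pid` identifies the channel the message arrived on; it is never read from
  // the message body, so a child cannot speak for another process.
  handleRequest(pid, message) {
    const child = this.children.get(pid);
    if (!child) return { ok: false, reason: "unknown-process" };
    const api = String(message && message.api);
    if (!SENSITIVE_APIS.has(api)) return { ok: true, api, origin: child.origin };
    // Anything the child asserts about itself (message.sensitive, message.origin)
    // is ignored: a compromised child controls every byte it sends.
    if (!child.sensitive) return { ok: false, reason: "process-not-sensitive" };
    return { ok: true, api, origin: child.origin };
  }
}

// Constructed scenario: one ordinary content process and one sensitive one.
function demo() {
  const broker = new ParentBroker();
  const web = broker.spawnChild("https://news.example", { sensitive: false });
  const dialer = broker.spawnChild("https://dialer.example", { sensitive: true });
  return {
    normalApi: broker.handleRequest(web, { api: "fetch" }),
    forged: broker.handleRequest(web, {
      api: "telephony.dial", sensitive: true, origin: "https://dialer.example",
    }),
    legit: broker.handleRequest(dialer, { api: "telephony.dial" }),
    stale: broker.handleRequest(99, { api: "contacts.read" }),
  };
}
```

The `forged` request shows the property the requirement asks for: the ordinary process claims to be sensitive in its message, and the parent still refuses because its own record says otherwise.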
User Stories and Acceptance Criteria
| Title | BUG ID | User story | Acceptance Criteria |
|---|---|---|---|
| Title Goes Here | Bug ID | User Story 1 | Acceptance Criteria 1 |
| | Bug ID | User Story 2 | Acceptance Criteria 2 |
| Help/Onboarding | Bug ID | User Story 3 | Acceptance Criteria 3 |
Program Status
| Milestone | Date | Status |
|---|---|---|
| Milestone 1 | | ON TARGET |
| Milestone 2 | | CHALLENGED |
| Milestone 3 | | AT RISK |
Status Key
| Color | Status | Key |
|---|---|---|
| | On Target | The project or deliverable is expected to meet its due date. |
| | Challenged | The project or deliverable is facing an issue that might cause it to miss its due date, but a “get well” plan has been developed to get it back on track. |
| | At Risk or Late | The project or deliverable is blocked or facing an issue that might cause it to miss its due date, and there’s no “get well” plan to get it back on track, or it is already late. |
| | Done | The project or deliverable has been completed. |
| | On Hold | The project or deliverable has been placed on hold. |
Program Timeline
MVP Scope
Querying by 2.6+ features
(please add correct bug tracking number)
Dependency Tracking
Detailed Program Plan
| Action Item | Engineering Owner | QA Owner | UX Owner | Bugzilla ID | Planned Done | Actual Done |
|---|---|---|---|---|---|---|
Program Stakeholders
| Role | Name | IRC |
|---|---|---|
| EPM | | |
| EM | | |
| PM | | |
| TL | | |
| UX | | |
| QA | | |
- EPM = Engineering Program Manager
- EM = Engineering Manager
- PM = Product Manager
- TL = Tech Lead
- UX = User Experience
- QA = Quality Assurance