WebAPI/Security/Battery: Difference between revisions

Latest revision as of 23:40, 1 October 2014

Battery API

General Use Cases: Adjust app behavior based upon power status

Reference:

Note from the W3C spec:

The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without  
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.

Inherent threats: Fingerprinting, abuse of battery?

Threat severity: Low

Type	Use Cases	Authorization Model
Web Content	Same as general	Unrestricted
Installed Web Apps	Same as general	Unrestricted
Privileged Web Apps	Same as general	Unrestricted
Certified Web Apps	Same as general	Unrestricted

@@ Line 1: / Line 1: @@
+== Battery API ==
-Name of API: Battery API
+General Use Cases: Adjust app behavior based upon power status
-Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678694
-http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
-Note from spec:
+Reference:
-The API defined in this specification is used to determine the battery
+*https://bugzilla.mozilla.org/show_bug.cgi?id=678694
-status of the hosting device. The information disclosed has minimal
+*http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
-impact on privacy or fingerprinting, and therefore is exposed without
+*https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion
-permission grants. For example, authors cannot directly know if there is
-a battery or not in the hosting device.
-Brief purpose of API:
+Note from the W3C spec:
-General Use Cases:Adjust app behavior based upon power status
+ The API defined in this specification is used to determine the battery
+ status of the hosting device. The information disclosed has minimal
+ impact on privacy or fingerprinting, and therefore is exposed without
+ permission grants. For example, authors cannot directly know if there is
+ a battery or not in the hosting device.
-Inherent threats:Fingerprinting, abuse of battery?
+Inherent threats: Fingerprinting, abuse of battery?
-Threat severity:low
+Threat severity: Low
-== Regular web content (unauthenticated) ==
+{| border="1" class="wikitable"
-Use  cases:Same
+! Type
-Authorization model for normal content: Implicit
+! Use Cases
-Authorization model for installed content: Implicit
+! Authorization Model
-Potential mitigations: None
+! Notes & Other Controls
+|-
+| Web Content || Same as general || Unrestricted ||
+|-
+| Installed Web Apps || Same as general || Unrestricted ||
+|-
+| Privileged Web Apps || Same as general || Unrestricted ||
+|-
+| Certified Web Apps || Same as general || Unrestricted ||
+|}
-== Trusted (authenticated by publisher) ==
-Use cases:Same
-Authorization mode: Implicit
-Potential mitigations:None
-== Certified (vouched for by trusted 3rd party) ==
+__NOTOC__
-Use cases: Same
-Authorization model:Implicit
-Potential mitigations:None
-Note: Should have a setting to disable this in privacy settings
+[[Category:Web APIs]]
+[[Category:Security]]