WebAPI/Security/Vibration: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| (4 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
== Vibration == | |||
Brief purpose of API: Let content activate the vibration motor. | |||
General use cases: Vibrate when hit in a game etc. | |||
Reference: http://dev.w3.org/2009/dap/vibration/ | Reference: http://dev.w3.org/2009/dap/vibration/ | ||
| Line 5: | Line 7: | ||
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5# | Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5# | ||
Inherent threats: Obnoxious if abused, consume extra battery. | |||
Inherent threats: Obnoxious if | |||
Threat severity: low | Threat severity: low | ||
Notes: | |||
* User can deny from Permission Manager to override an abusive app. | |||
* Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content. | |||
== | === Permissions Table=== | ||
Authorization | {| border="1" class="wikitable" | ||
! Type | |||
! Use Cases | |||
! Authorization Model | |||
! Notes & Other Controls | |||
|- | |||
| Web Content || As per general use case. || Implicit || Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|- | |||
| Installed Web Apps || As per general use case. || Implicit || Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|- | |||
| Privileged Web Apps || As per general use case. || Implicit|| Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|- | |||
| Certified Web Apps || As per general use case. || Implicit || Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|} | |||
__NOTOC__ | |||
[[Category:Web APIs]] | |||
[[Category:Security]] | |||
Latest revision as of 23:42, 1 October 2014
Vibration
Brief purpose of API: Let content activate the vibration motor. General use cases: Vibrate when hit in a game etc.
Reference: http://dev.w3.org/2009/dap/vibration/
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5#
Inherent threats: Obnoxious if abused, consume extra battery.
Threat severity: low
Notes:
- User can deny from Permission Manager to override an abusive app.
- Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Installed Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Privileged Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Certified Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |