info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
WebAPI Security Discussion:Battery API
11 views
Skip to first unread message
Paul Theriault
May 9, 2012, 3:02:49 PM5/9/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, Mozilla B2G mailing list
(Please reply-to dev-w...@lists.mozilla.org)
Name of API: Battery API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678694
http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
Note from spec:
The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.
Brief purpose of API:
General Use Cases:Adjust app behavior based upon power status
Inherent threats:Fingerprinting, abuse of battery?
Threat severity:low
== Regular web content (unauthenticated) ==
Use cases:Same
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: None
== Trusted (authenticated by publisher) ==
Use cases:Same
Authorization mode: Implicit
Potential mitigations:None
== Certified (vouched for by trusted 3rd party) ==
Use cases: Same
Authorization model:Implicit
Potential mitigations:None
Note: Should have a setting to disable this in privacy settings
Name of API: Battery API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678694
http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
Note from spec:
The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.
Brief purpose of API:
General Use Cases:Adjust app behavior based upon power status
Inherent threats:Fingerprinting, abuse of battery?
Threat severity:low
== Regular web content (unauthenticated) ==
Use cases:Same
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: None
== Trusted (authenticated by publisher) ==
Use cases:Same
Authorization mode: Implicit
Potential mitigations:None
== Certified (vouched for by trusted 3rd party) ==
Use cases: Same
Authorization model:Implicit
Potential mitigations:None
Note: Should have a setting to disable this in privacy settings
pther...@mozilla.com
Jun 4, 2012, 1:44:25 AM6/4/12
to mozilla.d...@googlegroups.com, dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, Mozilla B2G mailing list
pther...@mozilla.com
Jun 4, 2012, 1:44:25 AM6/4/12
to mozilla-d...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, Mozilla B2G mailing list
Final call for comments on this API. Please reply to dev-w...@lists.mozilla.org before COB Jun 4.
On Thursday, 10 May 2012 05:02:49 UTC+10, pther...@mozilla.com wrote:
On Thursday, 10 May 2012 05:02:49 UTC+10, pther...@mozilla.com wrote:
0 new messages