Re: WebAPI Security Discussion:Alarm API

11 views
Skip to first unread message

Paul Theriault

unread,
May 10, 2012, 1:09:21 PM5/10/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, Mozilla B2G mailing list
(sorry, wrong subject)
> Name of API: Alarm API
> Reference:
> https://groups.google.com/d/topic/mozilla.dev.webapi/pkx1uz_pnhQ/discussion
>
> Brief purpose of API:
> General Use Cases:Add an alarm (relaunch the app via alarm intentat a
> future time)
>
> Inherent threats:Annoyance
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Relaunch the app via an alarm
> intent at a future time
> Authorization model for normal content: None
> Authorization model for installed content: Implicit
> Potential mitigations: Should be a way to disable alarm for a given app
>
> == Trusted (authenticated by publisher) ==
> Same as for installed untrusted app
>
> == Certified (vouched for by trusted 3rd party) ==
> Same as for installed untrusted app
>
> _______________________________________________
> dev-webapps mailing list
> dev-w...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-webapps
Reply all
Reply to author
Forward
0 new messages