WebAPI Security Discussion: Resource Lock API
21 views
Skip to first unread message
Lucas Adamski
Apr 16, 2012, 2:18:16 AM4/16/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-b2g mailing list, dev-se...@lists.mozilla.org
Please reply-to dev-w...@lists.mozilla.org
Name of API: Resource Lock API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
Brief purpose of API: Prevent the screen from being dimmed or switched off
General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
Inherent threats: Drain power, annoyances
Threat severity: Low
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Same as General
Authorization model for normal content: Explicit
Authorization model for installed content:Implicit
Potential mitigations:
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same as General
Authorization model:
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Same as General
Authorization model:
Potential mitigations:
Name of API: Resource Lock API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
Brief purpose of API: Prevent the screen from being dimmed or switched off
General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
Inherent threats: Drain power, annoyances
Threat severity: Low
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Same as General
Authorization model for normal content: Explicit
Authorization model for installed content:Implicit
Potential mitigations:
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same as General
Authorization model:
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Same as General
Authorization model:
Potential mitigations:
Adrienne Porter Felt
Apr 16, 2012, 10:26:32 AM4/16/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, dev-b2g mailing list
It would be great if the spec also specified that the phone needs to
provide a resource consumption manager. That way concerned users could see
which trusted/certified apps are responsible for a short battery life, if
the phone is being drained too fast.
> _______________________________________________
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
provide a resource consumption manager. That way concerned users could see
which trusted/certified apps are responsible for a short battery life, if
the phone is being drained too fast.
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
Justin Lebar
Apr 16, 2012, 7:22:21 PM4/16/12
to Adrienne Porter Felt, dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, dev-b2g mailing list
> It would be great if the spec also specified that the phone needs to
> provide a resource consumption manager.
Perhaps "should" rather than "needs to". This is a non-trivial thing
> provide a resource consumption manager.
to do, in general. Not that we shouldn't do it, but I don't think we
should say that we're in violation of the spec if we don't.
> dev-b2g mailing list
> dev...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-b2g
Benjamin Smedberg
Apr 17, 2012, 9:02:26 AM4/17/12
to dev-w...@lists.mozilla.org
On 4/16/2012 2:18 AM, Lucas Adamski wrote:
> Please reply-to dev-w...@lists.mozilla.org
>
> Name of API: Resource Lock API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
>
> Brief purpose of API: Prevent the screen from being dimmed or switched off
> General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
>
> Inherent threats: Drain power, annoyances
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Same as General
> Authorization model for normal content: Explicit
> Authorization model for installed content:Implicit
> Potential mitigations:
Why can't we just let all content have access to this API by default, at
> Please reply-to dev-w...@lists.mozilla.org
>
> Name of API: Resource Lock API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
>
> Brief purpose of API: Prevent the screen from being dimmed or switched off
> General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
>
> Inherent threats: Drain power, annoyances
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Same as General
> Authorization model for normal content: Explicit
> Authorization model for installed content:Implicit
> Potential mitigations:
least when it is in the foreground? I really don't think we need to make
users choose whether websites can turn off their screen saver.
--BDS
Lucas Adamski
Apr 18, 2012, 8:43:47 PM4/18/12
to Benjamin Smedberg, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org
Lucas.
Lucas Adamski
Apr 26, 2012, 10:56:12 AM4/26/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, dev-b2g mailing list
I haven't seen any comments on this for a while so I'll be closing this out and posting on Friday. Please send any last comments before noon PDT. Thanks!
Lucas.
On Apr 15, 2012, at 11:18 PM, Lucas Adamski wrote:
> Please reply-to dev-w...@lists.mozilla.org
>
> Name of API: Resource Lock API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
>
> Brief purpose of API: Prevent the screen from being dimmed or switched off
> General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
>
> Inherent threats: Drain power, annoyances
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Same as General
> Authorization model for normal content: Explicit
> Authorization model for installed content:Implicit
> Potential mitigations:
>
> Authorization model:
> Potential mitigations:
>
Lucas.
On Apr 15, 2012, at 11:18 PM, Lucas Adamski wrote:
> Please reply-to dev-w...@lists.mozilla.org
>
> Name of API: Resource Lock API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
>
> Brief purpose of API: Prevent the screen from being dimmed or switched off
> General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
>
> Inherent threats: Drain power, annoyances
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Same as General
> Authorization model for normal content: Explicit
> Authorization model for installed content:Implicit
> Potential mitigations:
>
> == Trusted (authenticated by publisher) ==
> Use cases for authenticated code: Same as General
> Authorization model:
> Potential mitigations:
>
> == Certified (vouched for by trusted 3rd party) ==
> Use cases for certified code: Same as General
> Use cases for authenticated code: Same as General
> Authorization model:
> Potential mitigations:
>
> == Certified (vouched for by trusted 3rd party) ==
> Authorization model:
> Potential mitigations:
>
Lucas Adamski
Apr 30, 2012, 12:25:42 AM4/30/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, dev-b2g mailing list
"Final" proposal. Please reply-to dev-w...@lists.mozilla.org with any major issues.
Name of API: Resource Lock API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
Brief purpose of API: Prevent the screen from being dimmed or switched off
General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
Inherent threats: Drain power, annoyances
Threat severity: Low
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Same as General
Authorization model for normal content: Implicit for fullscreen only, explicit otherwise
Potential mitigations:
Notes: It would be great if the spec also specified that the phone /needs to/should/
Name of API: Resource Lock API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
Brief purpose of API: Prevent the screen from being dimmed or switched off
General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
Inherent threats: Drain power, annoyances
Threat severity: Low
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Same as General
Authorization model for installed content: Implicit
Potential mitigations:
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same as General
Authorization model: Implicit
Potential mitigations:
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same as General
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Same as General
Authorization model: Implicit
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Same as General
Potential mitigations:
Notes: It would be great if the spec also specified that the phone /needs to/should/
provide a resource consumption manager. That way concerned users could see
which trusted/certified apps are responsible for a short battery life, if
the phone is being drained too fast. [apf]
which trusted/certified apps are responsible for a short battery life, if
Benjamin Smedberg
May 10, 2012, 1:46:30 PM5/10/12
to dev-w...@lists.mozilla.org
On 4/30/2012 12:25 AM, Lucas Adamski wrote:
> "Final" proposal. Please reply-to dev-w...@lists.mozilla.org with any major issues.
>
> Name of API: Resource Lock API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
>
> Brief purpose of API: Prevent the screen from being dimmed or switched off
> General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
>
> Inherent threats: Drain power, annoyances
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Same as General
> Authorization model for normal content: Implicit for fullscreen only, explicit otherwise
> Authorization model for installed content: Implicit
> Potential mitigations:
I still believe that we should implicitly allow web content to disable
> "Final" proposal. Please reply-to dev-w...@lists.mozilla.org with any major issues.
>
> Name of API: Resource Lock API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
>
> Brief purpose of API: Prevent the screen from being dimmed or switched off
> General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
>
> Inherent threats: Drain power, annoyances
>
> Threat severity: Low
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Same as General
> Authorization model for normal content: Implicit for fullscreen only, explicit otherwise
> Authorization model for installed content: Implicit
> Potential mitigations:
the screen saver while it is in the foreground. I'm pretty sure Flash
content is allowed to do this (I believe the netflix viewer disables the
screen saver).
--BDS
Jonas Sicking
May 10, 2012, 3:04:29 PM5/10/12
to Benjamin Smedberg, dev-w...@lists.mozilla.org
I agree that allowing focused pages to do this seems reasonable, but
I'm also ok with this being a prompt for now (which I believe is what
"explicit" means), it's something we can always relax in the future.
/ Jonas
Reply all
Reply to author
Forward
0 new messages