Please reply-to
dev-w...@lists.mozilla.org
Name of API: Open Web App API
Reference:
https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API
Brief purpose of API: The Open Web Apps JavaScript API is a programmatic interface for installing Web apps and for managing a client-side collection of Web apps that a user has installed.
General Use Cases:
* Install an app - navigator.mozApps.install(url, [install_data])
* A web page can check if it is installed - navigator.mozApps.getSelf()
* Return a list of apps installed by this domain - navigator.mozApps.getInstalled()
Inherent threats:
* Installation grants some minor additional privileges
* Access to install an app on another domain introduces risks
* Privacy (users can be identified by list of apps)
Threat severity: Low for Installation API, High for Management API
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Just the general cases as above.
Authorization model for normal content: Explicit for install (OS Mediated), Implicit for check status
Authorization model for installed content: Explicit for install (OS Mediated), Implicit for check status
Potential mitigations: getInstalled() only returns the apps installed by the current domain
== Trusted (authenticated by publisher) ==
Use cases for authenticated code:
A "dashboard" can manage and launch Apps on the user's behalf
A "dashboard" can monitor the state of logged-in applications
Authorization model: Implicit, except Remove App is Explicit (OS Mediated)
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Same as trusted
Authorization model: Implicit
Potential mitigations:
Note: not sure if management functions belong in trusted or privileged. This is probably a subject for discussion.
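
The authorization table above can be read as a small access-control model. The sketch below is an added example, not part of the original post and not Mozilla's implementation; `AppRegistry`, `TRUST`, `confirm`, `listAll` and `remove` are hypothetical names, the origins are constructed, and matching `getSelf()` on the manifest's origin is an assumption.

```javascript
// Toy model of the proposal's authorization table (illustration only).
const TRUST = { WEB: 0, TRUSTED: 1, CERTIFIED: 2 };

class AppRegistry {
  // confirm(action, url) stands in for the OS-mediated prompt (hypothetical hook).
  constructor(confirm) {
    this.confirm = confirm;
    this.apps = []; // records: { manifestURL, installOrigin }
  }
  // Install: explicit authorization at every trust level.
  install(caller, manifestURL) {
    if (!this.confirm('install', manifestURL)) throw new Error('DENIED');
    this.apps.push({ manifestURL, installOrigin: caller.origin });
  }
  // Implicit, but scoped: a caller only sees apps it installed itself.
  getInstalled(caller) {
    return this.apps.filter(a => a.installOrigin === caller.origin);
  }
  // Implicit: an app learns only about its own record (assumed origin match).
  getSelf(caller) {
    return this.apps.find(a => new URL(a.manifestURL).origin === caller.origin) || null;
  }
  // Management API: the full list is the privacy-sensitive part, so gate it.
  listAll(caller) {
    if (caller.trust < TRUST.TRUSTED) throw new Error('DENIED');
    return this.apps.slice();
  }
  // Remove: explicit prompt for trusted callers, implicit for certified ones.
  remove(caller, manifestURL) {
    if (caller.trust < TRUST.TRUSTED) throw new Error('DENIED');
    const needsPrompt = caller.trust === TRUST.TRUSTED;
    if (needsPrompt && !this.confirm('remove', manifestURL)) throw new Error('DENIED');
    this.apps = this.apps.filter(a => a.manifestURL !== manifestURL);
  }
}

// Constructed scenario: two stores install one app each; a dashboard lists both.
function scenario() {
  const prompts = [];
  const reg = new AppRegistry((action) => { prompts.push(action); return true; });
  const storeA = { origin: 'https://store-a.example', trust: TRUST.WEB };
  const storeB = { origin: 'https://store-b.example', trust: TRUST.WEB };
  const dash = { origin: 'https://dash.example', trust: TRUST.TRUSTED };
  reg.install(storeA, 'https://app-one.example/manifest.webapp');
  reg.install(storeB, 'https://app-two.example/manifest.webapp');
  return { seenByA: reg.getInstalled(storeA).length, seenByDash: reg.listAll(dash).length, prompts };
}
```
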