Hello All,

I'd like to propose giving WebActivity higher integrity than it has now, because it will be a key factor in app communication on FxOS.

Currently both the sender and the receiver might doubt whether the peer is the app they expect. At least the receiver (usually highly privileged) should provide sensitive information only if the sender is reliable. Here I will show some use cases:

1. Receiver confirmation

The sender is an SNS app. It occasionally wants to record a new contact but does not have permission to access the DB, so the sender invokes an activity, whose name could be 'moz.contact.org/register'. Any app, including a malicious one, can register a handler for the name. The user will see a list of receivers, but he may make a bad choice because of a lack of caution.

2. Sender confirmation

The receiver is an agent for single-sign-on authentication and wants to allow access only from pre-registered apps. With WebActivity, however, there is no way to identify the sender. On the web, a site could keep a secret key on its server and authentication proceeds based on the secret, but this mechanism does not work with installed apps because all sources are exposed.

These issues are solved if WebActivity has an option to set the receiver when it is invoked and carries the sender information when it is passed to the receiver. As the identity for the option and the information, the manifest URL seems suitable.

I am not thinking of making another API for the above purpose. To keep existing code working, the functionality should be provided as an option.

I'd be happy if you would consider this topic and give any response.

Junichi Hashimoto
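
The proposal above, modelled as an added example that is not part of the original message or of Firefox OS code: a toy dispatcher in which the platform stamps the sender's manifest URL on every request and an optional `receiver` field pins the handler. The `ActivityRegistry` class, the `receiver` and `senderManifestURL` fields, the `sso/login` activity name and the `*.example` manifest URLs are assumptions made for illustration.

```javascript
// Toy model of an activity dispatcher, constructed for illustration (not Gecko code).
// Apps are identified by manifest URL, as the proposal suggests.
class ActivityRegistry {
  constructor() {
    this.handlers = new Map(); // activity name -> [{ manifestURL, handle }]
  }
  // Any installed app may register a handler for any activity name.
  register(manifestURL, name, handle) {
    if (!this.handlers.has(name)) this.handlers.set(name, []);
    this.handlers.get(name).push({ manifestURL, handle });
  }
  // senderManifestURL comes from the platform's knowledge of the calling app,
  // never from the sender-controlled options object.
  // options.receiver is the hypothetical opt-in field that pins the receiver.
  start(senderManifestURL, options, userPick = (list) => list[0]) {
    const candidates = this.handlers.get(options.name) || [];
    const target = options.receiver === undefined
      ? userPick(candidates) // existing behaviour: the user chooses from the list
      : candidates.find((h) => h.manifestURL === options.receiver);
    if (!target) throw new Error("NO_PROVIDER"); // fail closed, no fallback to the chooser
    return target.handle(Object.freeze({
      name: options.name, data: options.data, senderManifestURL,
    }));
  }
}

// Constructed sample apps (hypothetical manifest URLs).
const SNS = "https://sns.example/manifest.webapp";
const ROGUE = "https://rogue.example/manifest.webapp";
const CONTACTS = "https://contacts.example/manifest.webapp";
const SSO = "https://sso.example/manifest.webapp";

function buildRegistry() {
  const reg = new ActivityRegistry();
  // Use case 1: a rogue app registers for the same name as the contacts app.
  reg.register(ROGUE, "moz.contact.org/register", () => "handled by rogue");
  reg.register(CONTACTS, "moz.contact.org/register", () => "handled by contacts");
  // Use case 2: the SSO agent serves only pre-registered senders.
  const allowed = new Set([SNS]);
  reg.register(SSO, "sso/login", (req) =>
    allowed.has(req.senderManifestURL) ? "token issued" : "denied");
  return reg;
}
```

Because the request object is built from the dispatcher's own `senderManifestURL` argument, a `senderManifestURL` key that a sender places in its options has no effect on what the receiver sees.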
