On Thu, Mar 8, 2012 at 8:31 AM, Lucas Adamski <ladam...@mozilla.com> wrote:
> Hi Jonas,
>
> Thank you for sending this out! I really like the model overall.
>
> With sensitive APIs, even if a 3rd party vouches for the capabilities of the
> app, I believe we would still want to communicate that to the user somehow at
> installation time? I'm concerned we'd end up with a pretty long and arcane
> list. Maybe we could map those to a general "system access" meta-capability.
I think we'll have a lot of freedom in how we construct the UI here, given that in some sense it's mostly "informational". So we can group things together as needed to reduce UI clutter.

> Actually, does this proposal assume all apps will go through the same
> installation experience (i.e. do we have the concept of an app without an
> explicit installation)?

I think for all really sensitive APIs we'd be relying on going through the installation experience, yeah, in order to have the trusted store validate that access is ok. For a lot of not-quite-so-sensitive APIs, like geolocation or the ability to add files to DeviceStorage, a simple prompt to the user should be ok. This could be expressed as a default level for all of these capabilities for non-installed apps, where we default to "no access" for the especially sensitive APIs.

/ Jonas

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
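As an added illustration (not code from this thread or from Mozilla), the policy the two messages sketch can be written down as a small decision function: capabilities are tiered, non-installed apps get a per-tier default ("no access" for sensitive APIs, a prompt for the rest), a sensitive grant only counts when the trusted store vouched for it, and the sensitive grants are collapsed into one "system access" line for the install screen. The capability names, tiers, and the `installed`/`storeVetted` fields on the app record are assumptions made for the example.

```javascript
// Assumed capability tiers (illustrative names, not a real manifest vocabulary).
// "sensitive": only a store-vetted installed app may hold these; never prompted.
// "moderate": a runtime prompt to the user is acceptable.
const CAPABILITIES = {
  "telephony": "sensitive",
  "sms": "sensitive",
  "device-storage:apps": "sensitive",
  "geolocation": "moderate",
  "device-storage:pictures": "moderate",
};

// Default level for apps that never went through an install flow.
const DEFAULT_FOR_UNINSTALLED = { sensitive: "deny", moderate: "prompt" };

// app = { installed: bool, storeVetted: bool, grants: [capability, ...] }
// Returns "allow", "prompt" or "deny".
function decide(app, capability) {
  const tier = CAPABILITIES[capability];
  if (tier === undefined) return "deny";              // unknown API: fail closed
  if (!app.installed) return DEFAULT_FOR_UNINSTALLED[tier];
  if (app.grants.includes(capability)) {
    // A sensitive grant is only honoured if the trusted store validated it;
    // a self-declared grant from an unvetted install is not enough.
    if (tier === "sensitive") return app.storeVetted ? "allow" : "deny";
    return "allow";
  }
  // Installed but not granted: sensitive stays closed, moderate falls back to a prompt.
  return tier === "sensitive" ? "deny" : "prompt";
}

// Install-time summary: fold the sensitive grants into one "system access"
// meta-capability so the user is not shown a long, arcane list.
function installSummary(app) {
  const sensitive = app.grants.filter((c) => CAPABILITIES[c] === "sensitive");
  const moderate = app.grants.filter((c) => CAPABILITIES[c] === "moderate");
  const lines = [];
  if (sensitive.length > 0) lines.push(`system access (${sensitive.length} capabilities)`);
  for (const c of moderate) lines.push(c);
  return lines;
}

module.exports = { decide, installSummary };
```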