Please reply-to [email protected]

Name of API: Idle API
Reference:  https://wiki.mozilla.org/WebAPI/IdleAPI

Brief purpose of API: Notify an app if the user is idle
General Use Cases: Notify a web page if a user is idle (e.g. to change a status 
in an instant messaging program)

Inherent threats: Privacy implication - signalling multiple windows at exactly 
the same time could correlate user identities and compromise privacy

Threat severity: Low

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Event is fired when the user is idle
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: Exact time user goes idle can be fuzzy so as to reduce 
correlation

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: As per unauthenticated
Authorization model: 
Potential mitigations: 

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: As per unauthenticated
Authorization model: 
Potential mitigations:

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
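
Added example, not part of the original post or of Mozilla's implementation: a sketch of the "fuzzy idle time" mitigation proposed above, showing why the delay has to be drawn independently for each window. The function names, the 30-second jitter bound, the 50 ms matching tolerance and the sample idle times are assumptions chosen for illustration.

```javascript
// Deterministic PRNG so the demo is reproducible; a real implementation
// would draw from a CSPRNG such as crypto.getRandomValues().
function mulberry32(seed) {
  let a = seed >>> 0;
  return function () {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = a;
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Delivery time of one idle transition for each window (hypothetical helper).
// Jitter is a delay only, since the event cannot precede the real transition,
// and it is drawn independently per window: a shared offset would leave the
// windows exactly as correlated as with no jitter at all.
function deliveryTimes(idleAtMs, windowIds, maxJitterMs, rng) {
  const out = {};
  for (const id of windowIds) {
    out[id] = idleAtMs + Math.floor(rng() * (maxJitterMs + 1));
  }
  return out;
}

// The linkage two cooperating pages could attempt: count idle events
// whose timestamps agree within toleranceMs.
function matchingEvents(timesA, timesB, toleranceMs) {
  let n = 0;
  for (let i = 0; i < timesA.length; i++) {
    if (Math.abs(timesA[i] - timesB[i]) <= toleranceMs) n++;
  }
  return n;
}

// Constructed sample: 200 idle transitions, ten minutes apart, each
// delivered to windows "a" and "b" of the same user.
function simulate(maxJitterMs, seed) {
  const rng = mulberry32(seed);
  const a = [], b = [];
  for (let i = 0; i < 200; i++) {
    const t = deliveryTimes(i * 600000, ["a", "b"], maxJitterMs, rng);
    a.push(t.a);
    b.push(t.b);
  }
  return { a, b, matches: matchingEvents(a, b, 50) };
}
```

With `simulate(0, 1)` every one of the 200 events lines up across the two windows; with `simulate(30000, 1)` only a handful fall within the tolerance by chance.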
