Sorry I didn't catch this earlier. The following discussion is still accurate, though I will refine these descriptions and post them to the wiki by Friday: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/2dd02277ab8b41ba?pli=1 Lucas.
On Apr 17, 2012, at 4:09 AM, Ben Francis wrote: > On Mon, Apr 16, 2012 at 7:14 AM, Lucas Adamski <[email protected]> wrote: > >> >> == Regular web content (unauthenticated) == >> >> == Trusted (authenticated by publisher) == >> >> == Certified (vouched for by trusted 3rd party) == >> > > I don't understand these categories, could you explain them a bit further? > > What is the difference between trusted and certified and what process and > limitations do they require? > > Is there a difference in security model between regular web content and > installed apps? > > If the app is installed directly from a web app's own server (not via a > third party app store), can it never get access to this API, even with the > user's explicit permission? > > Ben > > -- > Ben Francis > http://tola.me.uk > _______________________________________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
