"Final" proposal. Please reply-to [email protected] with any major issues.
Name of API: Resource Lock API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132 Brief purpose of API: Prevent the screen from being dimmed or switched off General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie) Inherent threats: Drain power, annoyances Threat severity: Low == Regular web content (unauthenticated) == Use cases for unauthenticated code: Same as General Authorization model for normal content: Implicit for fullscreen only, explicit otherwise Authorization model for installed content: Implicit Potential mitigations: == Trusted (authenticated by publisher) == Use cases for authenticated code: Same as General Authorization model: Implicit Potential mitigations: == Certified (vouched for by trusted 3rd party) == Use cases for certified code: Same as General Authorization model: Implicit Potential mitigations: Notes: It would be great if the spec also specified that the phone /needs to/should/ provide a resource consumption manager. That way concerned users could see which trusted/certified apps are responsible for a short battery life, if the phone is being drained too fast. [apf] On Apr 15, 2012, at 11:18 PM, Lucas Adamski wrote: > Please reply-to [email protected] > > Name of API: Resource Lock API > Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132 > > Brief purpose of API: Prevent the screen from being dimmed or switched off > General Use Cases: Request a lock to stop the screen from being dimmed, even > if the user is idle (eg. watching a movie) > > Inherent threats: Drain power, annoyances > > Threat severity: Low > > == Regular web content (unauthenticated) == > Use cases for unauthenticated code: Same as General > Authorization model for normal content: Explicit > Authorization model for installed content:Implicit > Potential mitigations: > > == Trusted (authenticated by publisher) == > Use cases for authenticated code: Same as General > Authorization model: > Potential mitigations: > > == Certified (vouched for by trusted 3rd party) == > Use cases for certified code: Same as General > Authorization model: > Potential mitigations: _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
