Updated proposal.  Please reply-to dev-weba...@lists.mozilla.org

Name of API: Open Web App API
Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API

Brief purpose of API: The Open Web Apps JavaScript API is a programmatic 
interface for installing Web apps and for managing a client-side collection of 
Web apps that a user has installed. 

General Use Cases: 
* Install an app - navigator.mozApps.install(url, [install_data]) 
* A web page can check if it is installed - navigator.mozApps.getSelf()
* Return a list of installed apps installed by this domain - 
navigator.mozApps.getInstalled()

Inherent threats: 
* Installation grants some minor additional privileges
* Access to install an app on another domain introduces risks 
* Privacy (users can be identified by list of apps)

Threat severity: Low for Installation API, High for Management API

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Just the general cases as above.
Authorization model for normal content: Explicit for install (OS Mediated), 
Implicit for check status
Authorization model for installed content: Explicit for install (OS Mediated), 
Implicit for check status
Potential mitigations: getInstalled() only returns the apps installed by the 
current domain

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: 
A "dashboard" can manage and launch Apps on the user's behalf 
A "dashboard" can monitor the state of logged in applications
Authorization model: Implicit, except Remove App is Explicit (OS Mediated)
Potential mitigations: 
* uninstall() is a method of the application object itself. Since you can only 
get apps that you installed from (using getInstalled()) or yourself (using 
getSelf()) this mitigates the risks. [fabrice]

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:  Same as trusted
Authorization model: Implicit
Potential mitigations: Only apps having high privileges can use mgmt.getAll() 
to see cross-stores installs. [fabrice]

On Apr 15, 2012, at 11:08 PM, Lucas Adamski wrote:

> Please reply-to dev-weba...@lists.mozilla.org
> 
> Name of API: Open Web App API
> Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API
> 
> Brief purpose of API: The Open Web Apps JavaScript API is a programmatic 
> interface for installing Web apps and for managing a client-side collection 
> of Web apps that a user has installed. 
> 
> General Use Cases: 
> * Install an app - navigator.mozApps.install(url, [install_data]) 
> * A web page can check if it is installed - navigator.mozApps.getSelf()
> * Return a list of installed apps installed by this domain - 
> navigator.mozApps.getInstalled()
> 
> Inherent threats: 
> * Installation grants some minor additional privileges
> * Access to install an app on another domain introduces risks 
> * Privacy (users can be identified by list of apps)
> 
> Threat severity: Low for Installation API, High for Management API
> 
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Just the general cases as above.
> Authorization model for normal content: Explicit for install (OS Mediated), 
> Implicit for check status
> Authorization model for installed content: Explicit for install (OS Mediated), 
> Implicit for check status
> Potential mitigations: getInstalled() only returns the apps installed by the 
> current domain
> 
> == Trusted (authenticated by publisher) ==
> Use cases for authenticated code: 
> A "dashboard" can manage and launch Apps on the user's behalf 
> A "dashboard" can monitor the state of logged in applications
> Authorization model: Implicit, except Remove App is Explicit (OS Mediated)
> Potential mitigations: 
> 
> == Certified (vouched for by trusted 3rd party) ==
> Use cases for certified code:  Same as trusted
> Authorization model: Implicit
> Potential mitigations:
> 
> Note: not sure if management functions belong in trusted or privileged.  This 
> is probably a subject for discussion.

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
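
An added example, not part of the original message and not Mozilla's implementation: a small JavaScript model of the mitigations listed in the proposal (origin-scoped getInstalled(), uninstall() reachable only through the app object, privilege-gated getAll()). The AppRegistry class, the PRIVILEGE levels, the consent callbacks and the choice of Certified as the threshold for getAll() are assumptions.

```javascript
// Constructed model of the proposal's mitigations; not Gecko/Firefox code.
// AppRegistry, PRIVILEGE and the consent callbacks are hypothetical names.
const PRIVILEGE = { WEB: 0, TRUSTED: 1, CERTIFIED: 2 };
// Assumption: the proposal only says "high privileges" for mgmt.getAll().
const MGMT_MIN_PRIVILEGE = PRIVILEGE.CERTIFIED;

class AppRegistry {
  constructor() { this.apps = []; }

  // Explicit (OS mediated) authorization is modelled as a consent callback.
  install(callerOrigin, manifestURL, userConsents) {
    if (!userConsents("install", manifestURL)) throw new Error("install denied");
    const app = { manifestURL, origin: new URL(manifestURL).origin,
                  installOrigin: callerOrigin };
    this.apps.push(app);
    return this.handle(app);
  }

  // uninstall() lives on the app object, so only callers that can obtain
  // the object through getSelf()/getInstalled()/getAll() can reach it.
  handle(app) {
    return Object.freeze({
      manifestURL: app.manifestURL,
      installOrigin: app.installOrigin,
      uninstall: (userConsents) => {
        if (!userConsents("uninstall", app.manifestURL)) return false;
        this.apps = this.apps.filter((a) => a !== app);
        return true;
      },
    });
  }

  // Implicit: a page learns only whether its own origin is installed.
  getSelf(callerOrigin) {
    const app = this.apps.find((a) => a.origin === callerOrigin);
    return app ? this.handle(app) : null;
  }

  // Implicit: scoped to the installing origin, so a page cannot enumerate
  // apps installed from other stores (the privacy threat in the proposal).
  getInstalled(callerOrigin) {
    return this.apps.filter((a) => a.installOrigin === callerOrigin)
                    .map((a) => this.handle(a));
  }

  // Cross-store listing is gated on caller privilege.
  getAll(callerPrivilege) {
    if (callerPrivilege < MGMT_MIN_PRIVILEGE) throw new Error("permission denied");
    return this.apps.map((a) => this.handle(a));
  }
}
```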
