WebAPI Security Discussion: Sensor API

Lucas Adamski Tue, 08 May 2012 11:41:56 -0700

Please reply-to dev-weba...@lists.mozilla.org

Name of API: Sensor API
Reference: 
https://bugzilla.mozilla.org/show_bug.cgi?id=697361
http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/


Brief purpose of API: Let apps access environmental sensor data gathered by 
devices.
General Use Cases: None

Inherent threats:Privacy

Threat severity: Moderate

== Regular web content (unauthenticated) ==
Use  cases for unauthenticated code: Monitor environmental sensor data like 
temperature, barometer,  magnetic field, 
Authorization model for normal content: Explicit
Authorization model for installed content: Implicit
Potential mitigations: Only available to top-level content while focused

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same
Use cases for trusted code: Implicit
Potential mitigations: 

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:
Backlight Dimming based on ambient light
Screen-off based on proximity
Authorization model: Implicit
Potential mitigations:

Note: Many device sensor and motion use cases already covered by 
DeviceOrientation / DeviceMotion API 
(http://dev.w3.org/geo/api/spec-source-orientation.html)
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

WebAPI Security Discussion: Sensor API

Reply via email to