Final call for comments on this API. Please reply to [email protected] before COB Jun 4.
On Thursday, 10 May 2012 04:31:31 UTC+10, Lucas Adamski wrote: > Please reply-to [email protected] > > Name of API: Web Bluetooth API > Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737 > https://wiki.mozilla.org/WebAPI/WebBluetooth > > Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to > set up and communicate with Bluetooth devices. This includes setting > properties on adapters and devices, scanning for devices, bonding, and > socket initialization for audio and communication. > > General Use Cases: > > Inherent threats: Privacy, access to sensitive user devices, de-anonimization > based on bluetooth state > > Threat severity: high > > == Regular web content (unauthenticated) == > Use cases: None > Authorization model for normal content: None > Authorization model for installed content: None > Potential mitigations: > > == Trusted (authenticated by publisher) == > Use cases: None > Authorization model: None > Potential mitigations: > > == Certified (vouched for by trusted 3rd party) == > Use cases: > Read bluetooth adapter state > Start/Stop device discovery > List discoverd devices > Pair with device > Authorization model: Implicit > Potential mitigations: Status indicator showing active bluetooth connection, > user can click the status indicator to cancel the connection. Any limit on > types of devices? > > Notes: Non-certified use cases are out of scope for 1.0. We will consider > those for a subsequent release. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
