On Jun 30, 2012, at 9:52 AM, Sid Stamm wrote:

> Hi All,
> I updated the security model wiki page to reflect the things we talked
> about in the late-May thread. The changes were pretty minor since, as a
> few people pointed out, the underpinnings of the privacy updates were
> already considered in the model! Here's a diff:
>
> https://wiki.mozilla.org/index.php?title=Apps/Security&diff=446856&oldid=441197
>
> There are still a few open issues that I think we can easily iron out.
>
> 1. For untrusted apps, should we show data usage intentions (rationale)
> as permissions are requested? These strings are not reviewed by an app
> store, but as Adrienne pointed out, the value may outweigh the risk of
> deception.

I tend to agree with Adrienne that the value may outweigh any benefit to a malicious app.

> 2. Format of the field in the manifest. I propose the field name be
> "Intended Use", and the value be 128 characters (to keep it easy to
> read). Sound good?
>
> 3. How will users be able to access usage intentions for permissions
> that are implicit or for certified apps? Currently they can read the
> manifest, but will we build an easier way for them to find 'em at runtime?

The current UI for viewing/editing permissions has a brief text description after the setting. Maybe we could also show the "intended use" here somehow, though this may clutter up the current design a little.

Also, with the current design (http://people.mozilla.com/~lco/Settings_B2G/Release_1_Specs/R1_Security_and_Privacy_v2.pdf) implicit permissions are not shown (or not as far as I can tell, since they would show as permissions, but mysteriously not be able to be edited). A simple option might be to add an "advanced details" button to the current permissions page, which links to a page which simply details the information that is in the manifest. This page could be designed in such a way as to impart the difference between the explicit and implicit permissions (to prevent the user from wondering why the implicit permissions don't show up in the "edit permissions" page).

> 4. In the developer documentation, should we provide a suggested
> formula for the usage intentions? (e.g., "We want {permission} to
> obtain {data type} which we will keep {how long and where kept}") or
> should we provide some pre-written examples for each permission? This
> may be too difficult to get right, but should we try?

We should definitely provide guidelines/examples I think.

> Finally, there's one technical follow-up for the manifest. Does the
> below proposal sound like a reasonable approach?

I like it.

> 5. How can these strings be localized into the app runtime's chosen
> locale?
> ianb suggested:
> {
>   name: "Stachy (beta)",
>   permissions: {
>     "camera": {usage: "To spy on you while you are sleeping"}
>   },
>   locales: {
>     "es": {
>       permissions: {
>         "camera": {usage: "Para espiar a usted mientras usted está durmiendo"}
>       }
>     }
>   },
>   default_locale: "en-US"
> }

Are you defining the actual permissions list in multiple places here? (i.e. if you switch locales, can you get a different set of permissions?) Or is the logic such that the root "permissions" declaration is the one which is used for the list of permissions, and the permissions tags inside the locales are simply used to override the text that is shown in the intended use? I assume the latter, but maybe call the one inside the locales section "permissions_use" or something just to reduce ambiguity?

> Cheers,
> Sid
> _______________________________________________
> dev-webapps mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-webapps
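The question raised at the end of the reply (does a locale block define permissions, or only override their "intended use" text?) can be pinned down in code. The following is an added example, not code from the thread or from the B2G/Open Web Apps runtime. It assumes a manifest shaped like ianb's proposal and implements the reading the reply calls "the latter": the root `permissions` object is the authoritative list, a `locales[tag].permissions` entry may only replace the usage text of a permission that already exists at the root, and any permission named only inside a locale block is ignored and reported rather than granted. The resolver, the 128-character cap (the limit proposed in item 2), the sample manifest and the extra "contacts" entry are all constructed for the example.

```javascript
// Added example, not from the thread: resolves localized "intended use"
// strings for a manifest shaped like the proposal quoted above.
// Assumptions: the root "permissions" object is the authoritative list;
// "locales[<tag>].permissions" may only override usage text for a
// permission that exists at the root; extra names found only inside a
// locale block are ignored and reported, never added to the grant set.
const MAX_USAGE_LENGTH = 128; // the 128-character limit proposed in item 2

// Constructed sample manifest. The "es" block deliberately names a
// permission ("contacts") that the root does not declare, to show that a
// locale block cannot widen the permission set.
const sampleManifest = {
  name: "Stachy (beta)",
  permissions: {
    camera: { usage: "To spy on you while you are sleeping" },
    geolocation: { usage: "To show nearby cafes" },
  },
  locales: {
    es: {
      permissions: {
        camera: { usage: "Para espiar a usted mientras usted está durmiendo" },
        contacts: { usage: "Para leer sus contactos" },
      },
    },
  },
  default_locale: "en-US",
};

// Clamp a usage string to the proposed maximum; non-strings become "".
function truncateUsage(text) {
  if (typeof text !== "string") return "";
  return text.length > MAX_USAGE_LENGTH ? text.slice(0, MAX_USAGE_LENGTH) : text;
}

// Returns { permissions: {name: usage}, ignored: [names] } for the requested
// locale. Usage text is taken from the requested locale block when present,
// otherwise from the default_locale block, otherwise from the root entry.
// The set of permission names always equals the root declaration.
function resolvePermissionUsage(manifest, locale) {
  const root = manifest.permissions || {};
  const locales = manifest.locales || {};

  // Override lookup order: requested locale first, then default_locale.
  const chain = [];
  if (locale && locales[locale]) chain.push(locales[locale].permissions || {});
  const def = manifest.default_locale;
  if (def && def !== locale && locales[def]) chain.push(locales[def].permissions || {});

  const resolved = {};
  for (const name of Object.keys(root)) {
    let usage = root[name] && root[name].usage;
    for (const overrides of chain) {
      if (overrides[name] && typeof overrides[name].usage === "string") {
        usage = overrides[name].usage;
        break; // first block in the chain that has text wins
      }
    }
    resolved[name] = truncateUsage(usage);
  }

  // Report permission names that appear only inside locale blocks; they do
  // not become permissions, which is what keeps the root list authoritative.
  const ignored = new Set();
  for (const tag of Object.keys(locales)) {
    const block = (locales[tag] && locales[tag].permissions) || {};
    for (const name of Object.keys(block)) {
      if (!(name in root)) ignored.add(name);
    }
  }
  return { permissions: resolved, ignored: [...ignored].sort() };
}

// Usage: console.log(resolvePermissionUsage(sampleManifest, "es"));
```

Renaming the nested key to something like `permissions_use`, as the reply suggests, would make this resolver's behaviour obvious from the manifest alone; with the key as proposed, a reviewer has to know that the nested block is text-only, and the `ignored` list is the place to surface a manifest that tries to use it otherwise.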
