Line 108: | Line 108: | ||
Late Q3, 2009 | Late Q3, 2009 | ||
Because of the growing user population, this release will need to focus on security. With the growing user population, sooner or later someone will start writing malicious Ubiquity commands. We will try to combat this by using the power of networked users for good instead of evil. Our longstanding plans for a "web of trust" security model will require several improvements to the infrastructure of command subscription. First, Ubiquity will need to know who your friends are, so that it can see what commands your friends have recommended subscribing to, and what commands they've recommended avoiding. | Because of the growing user population, this release will need to focus on security. With the growing user population, sooner or later someone will start writing malicious Ubiquity commands. We will try to combat this by using the power of networked users for good instead of evil. Our longstanding plans for a "[[Labs/Ubiquity/TrustNetwork|web of trust]]" security model will require several improvements to the infrastructure of command subscription. First, Ubiquity will need to know who your friends are, so that it can see what commands your friends have recommended subscribing to, and what commands they've recommended avoiding. | ||
Second, commands will no longer be able to have direct access to third-party servers through XHRs, or to the XPCOM components in the Mozilla platform. Instead, they will have to make API calls through a security layer. This security layer will identify exactly what permissions a command is requesting, so that when a user subscribes to it, Ubiquity can tell that user in a plain, human-readable way exactly what is being requested: "This command wants permission to write to your filesystem", for instance, or "This command wants to contact the site www.sendmealotofspam.com." | Second, commands will no longer be able to have direct access to third-party servers through XHRs, or to the XPCOM components in the Mozilla platform. Instead, they will have to make API calls through a security layer. This security layer will identify exactly what permissions a command is requesting, so that when a user subscribes to it, Ubiquity can tell that user in a plain, human-readable way exactly what is being requested: "This command wants permission to write to your filesystem", for instance, or "This command wants to contact the site www.sendmealotofspam.com." |
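Review bot: the first two sentences of the changed paragraph both lead with "the growing user population" ("Because of the growing user population, ..." and "With the growing user population, ..."), and the new revision carries that repetition over unchanged. Since this edit already touches the paragraph, consider merging them into one sentence. It is also worth confirming that the target of the new piped link, Labs/Ubiquity/TrustNetwork, exists, so that "web of trust" does not render as a broken link.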