3
edits
CloudServices/Notifications/Push/API: Difference between revisions
Jump to navigation
Jump to search
CloudServices/Notifications/Push/API (view source)
Revision as of 22:03, 5 February 2012
, 5 February 2012→Feedback
m (→Feedback) |
Psychodrive (talk | contribs) |
||
| Line 135: | Line 135: | ||
* Why the middle man Mozilla? Decentralization is a core principle of the Internet. | * Why the middle man Mozilla? Decentralization is a core principle of the Internet. | ||
-- Ben Bucksch | -- Ben Bucksch | ||
</blockquote> | |||
<blockquote> | |||
Re: spoofing (@Gerv) | |||
From a security viewpoint, the obvious choice is digital signatures. However, client-side (in this case the notifying website) developers who aren't familiar with PKI often find it too complex, resulting in a lack of third-party API implementations (see OAuth!). If Mozilla intends to develop, distribute and support the client API themselves, this is less of an issue. If this is not the case, OAuth 2.0 has some non-PKI options. Implementing all of the OAuth 2.0 protocol may be too heavyweight, but it would at least offer some inspiration. | |||
Note. The designers should also consider verifying the integrity and source of notifications received by the browser. | |||
-- Ryan Schipper | |||
</blockquote> | </blockquote> | ||
</i> | </i> | ||