177
edits
B2G App Security Model/Threat Model: Difference between revisions
B2G App Security Model/Threat Model (view source)
Revision as of 00:14, 17 March 2012
, 17 March 2012no edit summary
No edit summary |
|||
| Line 1: | Line 1: | ||
== Definitions == | |||
Definitions for the following phrases are missing from this document: | |||
* CSP | |||
* HSTS | |||
* Web Apps | |||
* Static Web Apps | |||
* B2G platform | |||
== Scope of this Document == | |||
The scope of this document covers the following: TBD | |||
==Threats Summary== | ==Threats Summary== | ||
In order to discuss the permissions model for B2G, we need to discuss the threats posed. By default Web Apps are untrusted, not unlike any other web page, and therefore the permissions available to them are limited. The goal is to mitigate the threats faced by Web Apps to a level where they can be trusted to perform sensitive functions. Note that this should be a considered an initial draft as use cases and system design of B2G is still under discussion. | In order to discuss the permissions model for B2G, we need to discuss the threats posed. By default Web Apps are untrusted, not unlike any other web page, and therefore the permissions available to them are limited. The goal is to mitigate the threats faced by Web Apps to a level where they can be trusted to perform sensitive functions. Note that this should be a considered an initial draft as use cases and system design of B2G is still under discussion. | ||