Gaia/System/Security: Difference between revisions

Jump to navigation Jump to search

Gaia/System/Security (view source)

Revision as of 21:10, 7 June 2012

2,892 bytes removed ,  7 June 2012
Replaced content with "Contents spread into other sections or dedicated items."
(Replaced content with "Contents spread into other sections or dedicated items.")
 
Line 1: Line 1:
==Status==
Contents spread into other sections or dedicated items.
 
* Stage: Development
* Release target: [https://wiki.mozilla.org/B2G/Schedule_Roadmap#Milestone_3_.5BAlpha.5D B2G Milestone 3 [Alpha]], Q2 2012
 
== Team ==
 
* UX: Patryk Adamczyk (IRC: patryk)
* UX: Josh Carpenter (IRC: jcarpenter)
* Eng: Chris Jones (IRC: cjones)
* Eng: Andreas
 
== Reading ==
 
* dev-B2G "OpenWebApps/B2G Security model"
* https://wiki.mozilla.org/Apps/Security
 
= Device Security =
 
=== Questions ===
Need to outline device security mechanisms.
 
* '''What should we expect M3 release?'''
* Which unlock mechanisms do we support? eg:
** PIN
** Input pattern
* Do we enable combined unlock mechanisms, such as SIM PIN + device PIN + input pattern?
* Do we enable remote-wiping or account-shutdown of devices?
* What sort of data encryption do we build in?
* What data stored on the device?
 
= App Installation Security =
 
''Last updated: Mar 28, 2012 (Patryk Adamczyk)''
''Ties in with App Management process''
 
=== Questions ===
* What flows do we need for app installation?
* How much will be provided by Apps team?
 
=== Notes from  Chris Jones notes (Thursday March 22) ===
* Focus on flows:
** Install from an App Store (extensive prior art).
** Install from Browser (interesting new problems)
* Everything we install on phone is secure, and never has any required user permissions management. You CAN tweak the permissions, but you don't HAVE to.
* Web Browser, on the other hand, is tricky: it will be loading untrusted content.
** User flow for discovering web site can be installed as web app... ''Not sure what was meant by this.. Related to saving bookmarks as home screen apps, ala iOS?''
** Dialogue coming up, prompting to install...
** Could use Firefox doorhanger model for installation... Not best, though.
* Permissions authorization:
** Scenario: the user installs an app from Marketplace. They are prompted to specify whether to grant ALL or NONE of permissions. If they selects NONE, then we need model for asking permissions on a more granular basis.
*** Contextual menu?
*** Adjust from Settings app?
** "No mobile OS has good solution for granting process as you go."
* "Same user doing same process in Browser, should be slightly similar".
 
=== Telefonica notes ===
 
Define complete security model, permissions, using them in the manifest, management by end-user, policy defined by the operator, flexibility for end-users to change policy/app permissions
 
Different plans:
 
* APIs and capabilities avaible
* Identify level of trust of developres/applications: tracking, metrics, user feedback
* Link APIs to level of trust, which APIs are allowed depending on the level of trust and under which conditions: prompting, log-in, etc...
 
= Lock Screen Security =
 
=== Questions ===
 
* What mechanisms do we allow for unlocking the device?
* Do we allow users to shortcut to certain functions, without unlocking?
** Music playback controls
** Camera shortcut
** Notification shortcuts
** Etc.
Joshcarpenter
816

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/439143"

Navigation menu