WebAPI/Security/Settings: Difference between revisions

WebAPI/Security/Settings (view source)

Revision as of 21:52, 30 July 2012

10 bytes added , 30 July 2012

no edit summary

Ladamski

Confirmed users

717

edits

@@ Line 13: / Line 13: @@
 == Regular web content (unauthenticated) ==
-Use cases for unauthenticated code: Read/change non-sensitive settings
+*Use cases for unauthenticated code: Read/change non-sensitive settings
-Authorization model for normal content: None
+*Authorization model for normal content: None
-Authorization model for installed content: Implicit read access to limited settings. Write access OS mediated.
+*Authorization model for installed content: Implicit read access to limited settings. Write access OS mediated.
-Potential mitigations: Only non-sensitive settings will be exposed to regular apps.
+*Potential mitigations: Only non-sensitive settings will be exposed to regular apps.
 == Trusted (authenticated by publisher) ==
-Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions
+*Use cases for authenticated code: Modify a specific setting - e.g. e-book app modifies brightness in response to lighting conditions
-Authorization model: Implicit
+*Authorization model: Implicit
-Potential mitigations: Access to a subset of lower risk settings
+*Potential mitigations: Access to a subset of lower risk settings
 == Certified (vouched for by trusted 3rd party) ==
-Use cases for certified code: replacement settings manager app
+*Use cases for certified code: replacement settings manager app
-Authorization model: Implicit access to all settings
+*Authorization model: Implicit access to all settings
-Potential mitigations: None
+*Potential mitigations: None