WebAPI/Security/Contacts: Difference between revisions

no edit summary
(links at top and bottom for context)
No edit summary
Line 1: Line 1:
Name of API: [[WebAPI/ContactsAPI|Contacts API]]
Name of API: [[WebAPI/ContactsAPI|Contacts API]]


Reference: https://wiki.mozilla.org/WebAPI/ContactsAPI
References:
*https://wiki.mozilla.org/WebAPI/ContactsAPI
*[[WebAPI]]
*[[WebAPI/ContactsAPI]]


Brief purpose of API: Access to users contacts.
Brief purpose of API: Access to users contacts.
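Review bot: In the References list at the top of this hunk, https://wiki.mozilla.org/WebAPI/ContactsAPI and [[WebAPI/ContactsAPI]] point at the same page, which the "Name of API" line already links. Keep one form of the link (the wiki link is enough) next to [[WebAPI]] so the list does not read as three distinct sources.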
Line 17: Line 20:
Use cases for unauthenticated code: Mediated access to specific (user selected) contact
Use cases for unauthenticated code: Mediated access to specific (user selected) contact
information
information
 
*Authorization model for uninstalled web content: OS mediated (web activities, or trusted UI)
Authorization model for uninstalled web content: OS mediated (web
*Authorization model for installed web content: OS mediated (web activities, or trusted UI)
activities, or trusted UI)<br>
Authorization model for installed web content: OS mediated (web
activities, or trusted UI)


Potential mitigations:
Potential mitigations:
* App requests a contact via web activities or trusted UI
*App requests a contact via web activities or trusted UI
* API provides a local identifier instead of the actual contact information
*API provides a local identifier instead of the actual contact information


== Trusted (authenticated by publisher) ==
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Create, read or edit contact information
Use cases for authenticated code: Create, read or edit contact information
 
*Authorization model: Explicit
Authorization model: Explicit


Potential mitigations:
Potential mitigations:
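Review bot: In the Trusted section of this hunk, "Authorization model: Explicit" does not say when the user is asked (at install or at first use) or whether one grant covers all of "Create, read or edit". Suggest spelling that out on the same line, since read and write access to contacts carry different risk. Separately, the uninstalled and installed lines above it state the identical model, "OS mediated (web activities, or trusted UI)", and could be one line unless they are expected to diverge.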
Line 38: Line 37:
== Certified (vouched for by trusted 3rd party) ==
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Create, read or edit contact information
Use cases for certified code: Create, read or edit contact information
 
*Authorization model: Implicit
Authorization model: Implicit


Potential mitigations: None
Potential mitigations: None


== see also ==
__NOTOC__
* [[WebAPI]]
* [[WebAPI/ContactsAPI]]
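Review bot: In the Certified section, "Authorization model: Implicit" is paired with "Potential mitigations: None" for the same "Create, read or edit" use cases that need explicit authorization in the Trusted section. Suggest adding a sentence on why no mitigation is needed here, or what the certification step is relied on to guarantee, so the gap between the two levels is justified on the page.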