No edit summary
Line 1: | Line 1: | ||
Name of API: [[WebAPI/ContactsAPI|Contacts API]] | Name of API: [[WebAPI/ContactsAPI|Contacts API]] | ||
References: | |||
*https://wiki.mozilla.org/WebAPI/ContactsAPI | |||
*[[WebAPI]] | |||
*[[WebAPI/ContactsAPI]] | |||
Brief purpose of API: Access to users contacts. | Brief purpose of API: Access to users contacts. | ||
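Review bot: the new References list points at the same page twice, once as the external URL https://wiki.mozilla.org/WebAPI/ContactsAPI and once as the internal link [[WebAPI/ContactsAPI]], and the "Name of API" line already links it a third time; keeping only the internal [[WebAPI/ContactsAPI]] entry (plus [[WebAPI]]) avoids the hard-coded host and the duplicate. While this block is being touched, the unchanged context line "Access to users contacts." should read "Access to users' contacts."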
Line 17: | Line 20: | ||
Use cases for unauthenticated code: Mediated access to specific (user selected) contact | Use cases for unauthenticated code: Mediated access to specific (user selected) contact | ||
information | information | ||
*Authorization model for uninstalled web content: OS mediated (web activities, or trusted UI) | |||
Authorization model for uninstalled web content: OS mediated (web | *Authorization model for installed web content: OS mediated (web activities, or trusted UI) | ||
activities, or trusted UI) | |||
Authorization model for installed web content: OS mediated (web | |||
activities, or trusted UI) | |||
Potential mitigations: | Potential mitigations: | ||
* App requests a contact via web activities or trusted UI | *App requests a contact via web activities or trusted UI | ||
* API provides a local identifier instead of the actual contact information | *API provides a local identifier instead of the actual contact information | ||
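Review bot: bulleting only the two "Authorization model" fields makes them render as sub-items of the "Use cases for unauthenticated code" sentence above them, while "Potential mitigations:" in the same section stays a plain label; either bullet every field heading in the section or keep these two as plain labels so each field reads as its own entry. The removal of the space after "*" on the two mitigation bullets changes nothing in MediaWiki rendering and only adds noise to the diff.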
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases for authenticated code: Create, read or edit contact information | Use cases for authenticated code: Create, read or edit contact information | ||
*Authorization model: Explicit | |||
Authorization model: Explicit | |||
Potential mitigations: | Potential mitigations: | ||
Line 38: | Line 37: | ||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases for certified code: Create, read or edit contact information | Use cases for certified code: Create, read or edit contact information | ||
*Authorization model: Implicit | |||
Authorization model: Implicit | |||
Potential mitigations: None | Potential mitigations: None | ||
__NOTOC__ | |||
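Review bot: __NOTOC__ suppresses the table of contents for the whole page, and the revision carries no edit summary; a one-line summary stating that the TOC is being hidden deliberately would keep that decision visible in the history. On the section itself, certified code is recorded with "Authorization model: Implicit" and "Potential mitigations: None", so the only control shown for this tier is the certification named in the heading; saying so in the mitigations line rather than leaving "None" would stop a later reader from treating it as an unfinished entry.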