WebAPI/Security/Alarm: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Name of API: Alarm API
== Alarm API==
 
Reference:<br>
https://groups.google.com/d/topic/mozilla.dev.webapi/pkx1uz_pnhQ/discussion<br>
http://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/29f1efb730a9c17/5fd64f1fefe0ddd8
 
Brief purpose of API: Let apps set timers to wake up at a specified time
Brief purpose of API: Let apps set timers to wake up at a specified time
General Use Cases:  
General Use Cases:  
*Implement an alarm reminder app by setting an alarm intent for a future time
*Implement an alarm reminder app by setting an alarm intent for a future time
*Set an alarm to ping a server at a specific time or set interval
*Set an alarm to ping a server at a specific time or set interval
Reference:<br>
*https://developer.mozilla.org/en-US/docs/API/Alarm_API
*https://groups.google.com/d/topic/mozilla.dev.webapi/pkx1uz_pnhQ/discussion
*http://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/29f1efb730a9c17/5fd64f1fefe0ddd8


Inherent threats: Annoyance
Inherent threats: Annoyance


Threat severity: Low
Threat severity: Low
=== Permissions Table===


== Regular web content (unauthenticated) ==
{| border="1" class="wikitable"
Use cases for unauthenticated code: Relaunch the app via an alarm intent at a future time
! Type
 
! Use Cases
Authorization model for normal content: None
! Authorization Model
 
! Notes & Other Controls
Authorization model for installed content: Implicit
|-
 
| Web Content || None || No access
Potential mitigations: Should be a way to disable alarm for a given app
|-
 
| Installed Web Apps || General use cases || Implicit || Should be a way to disable alarm for a given app
== Trusted (authenticated by publisher) ==
|- 
Same as for installed untrusted app
| Privileged Web Apps || General use cases || Implicit || Should be a way to disable alarm for a given app
|-
| Certified Web Apps || General use cases || Implicit|| Should be a way to disable alarm for a given app
|}


== Certified (vouched for by trusted 3rd party) ==
[[Category:Web APIs]]
Same as for installed untrusted app
[[Category:Security]]

Latest revision as of 23:39, 1 October 2014

Alarm API

Brief purpose of API: Let apps set timers to wake up at a specified time General Use Cases:

  • Implement an alarm reminder app by setting an alarm intent for a future time
  • Set an alarm to ping a server at a specific time or set interval

Reference:

Inherent threats: Annoyance

Threat severity: Low

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content None No access
Installed Web Apps General use cases Implicit Should be a way to disable alarm for a given app
Privileged Web Apps General use cases Implicit Should be a way to disable alarm for a given app
Certified Web Apps General use cases Implicit Should be a way to disable alarm for a given app
Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/Alarm&oldid=1021329"