Confirmed users
1,340
edits
WebAPI/Security/Idle: Difference between revisions
no edit summary
mNo edit summary |
No edit summary |
||
| (4 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
==Idle API== | |||
Brief purpose of API: Notify an app if the user is idle.<br> | |||
General Use Cases: Notify a web page is a user is idle (e.g. to change a status in an instant messaging program). | |||
References: | References: | ||
*https://wiki.mozilla.org/WebAPI/IdleAPI | *https://wiki.mozilla.org/WebAPI/IdleAPI | ||
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Wxgz7_LKD40/discussion | *Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/Wxgz7_LKD40/discussion | ||
Inherent threats: | Inherent threats: | ||
| Line 13: | Line 12: | ||
**Signalling multiple windows at exactly the same time could correlate user identities and compromise privacy | **Signalling multiple windows at exactly the same time could correlate user identities and compromise privacy | ||
**Could be used by a workplace to monitor activity by monitoring system idle | **Could be used by a workplace to monitor activity by monitoring system idle | ||
Threat severity: Low | Threat severity: Low | ||
== | === Permissions Table=== | ||
== | |||
Authorization | {| border="1" class="wikitable" | ||
! Type | |||
! Use Cases | |||
! Authorization Model | |||
|- | |||
| Web Content || None || No access | |||
|- | |||
| Installed Web Apps || None || No access | |||
|- | |||
| Privileged Web Apps || None || No access | |||
|- | |||
| Certified Web Apps || Notify an app if the user is idle. || Implicit | |||
|} | |||
[[Category:Web APIs]] | |||
[[Category:Security]] | |||