MozillaWiki

WebAPI/Security/Wifi: Difference between revisions

Page Discussion

WebAPI/Security/Wifi (view source)

Revision as of 23:43, 1 October 2014

678 bytes removed ,  1 October 2014
no edit summary
(Created page with "==Web Bluetooth API== Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737 https://wiki.mozilla.org/WebAPI/WebBluetooth Brief purpose of API: The aim of WebBluetooth i...")
 
No edit summary
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==Web Bluetooth API==
== Wifi API ==
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737
Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.
https://wiki.mozilla.org/WebAPI/WebBluetooth


Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and  communicate with Bluetooth devices.  This includes setting properties on  adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.
General Use Cases: None


General Use Cases:
Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)


Inherent threats: Privacy, access to sensitive user devices, de-anonimization based on bluetooth state
Threat severity: Moderate


Threat severity: high
{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || None || No access ||
|-
| Installed Web Apps || None || No access ||
|-
| Privileged Web Apps || Wifi sniffer app || Explicit ||
|-
| Certified Web Apps || Wifi Manager || Implicit ||
|}


== Regular web content (unauthenticated) ==
[[Category:Web APIs]]
Use cases: None
[[Category:Security]]
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations:
 
== Trusted (authenticated by publisher) ==
Use  cases: None
Authorization model: None
Potential mitigations:
 
== Certified (vouched for by trusted 3rd party) ==
Use cases:
Read bluetooth adapter state
Start/Stop device discovery
List discovered devices
Pair with device
Authorization model: Implicit
Potential mitigations:  Status indicator showing active bluetooth connection, user can click the  status indicator to cancel the connection.  Any limit on types of devices?
 
Notes: Non-certified use cases are out of scope for 1.0.  We will consider those for a subsequent release.
Chaasof
Confirmed users
1,340

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/445023...1021355"