WebAPI/Security/Wifi: Difference between revisions

Latest revision as of 23:43, 1 October 2014

Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.

General Use Cases: None

Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)

Threat severity: Moderate

Type	Use Cases	Authorization Model
Web Content	None	No access
Installed Web Apps	None	No access
Privileged Web Apps	Wifi sniffer app	Explicit
Certified Web Apps	Wifi Manager	Implicit

@@ Line 1: / Line 1: @@
-Name of API: Wifi API
+==  Wifi API ==
-Reference:
-*http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1
-*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/zj0YUhJ8dYg/discussion
 Brief purpose of API: Read wifi network information (read-only).  All network changes should go through settings API.
@@ Line 13: / Line 8: @@
 Threat severity: Moderate
-== Regular web content (unauthenticated) ==
+{| border="1" class="wikitable"
-Use cases for unauthenticated code: None
+! Type
+! Use Cases
-Authorization model for normal content:
+! Authorization Model
+! Notes & Other Controls
-Authorization model for installed content:
+|-
+| Web Content || None || No access ||
-Potential mitigations:
+|-
+| Installed Web Apps || None || No access ||
-== Privileged (approved by app store) ==
+|-
-Use cases for privileged code: Wifi sniffer app
+| Privileged Web Apps || Wifi sniffer app || Explicit ||
+|-
-Use cases for trusted code: Explicit
+| Certified Web Apps || Wifi Manager || Implicit ||
+|}
-Potential mitigations:
-== Certified (system-critical apps) ==
-Use cases for certified code: Wifi Manager
-Authorization model: Implicit
-Potential mitigations:
+[[Category:Web APIs]]
+[[Category:Security]]