WebAPI/Security/OpenWebApp: Difference between revisions

WebAPI/Security/OpenWebApp (view source)

Revision as of 23:30, 6 August 2012

15 bytes removed , 6 August 2012

no edit summary

Ladamski

Confirmed users

717

edits

@@ Line 1: / Line 1: @@
 Name of API: Open Web App API
-Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API
+Reference:
+*https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API
-Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/9ca037e5e4a3698b/375194a4d262a230
+*Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/9ca037e5e4a3698b/375194a4d262a230
 Brief purpose of API: The Open Web Apps JavaScript API is a programmatic interface for installing Web apps and for managing a client-side collection of Web apps that a user has installed.
@@ Line 28: / Line 28: @@
 Potential mitigations: getInstalled() only returns the apps installed by the current domain
-== Trusted (authenticated by publisher) ==
+== Privileged (approved by app store) ==
-Use cases for authenticated code:
+Use cases for privileged code:
 *A "dashboard" can manage and launch Apps on the users behalf
 *A "dashboard" can monitor the state of logged in applications
@@ Line 40: / Line 40: @@
 * uninstall() is a method of the application object itself. Since you can only get apps that you installed from (using getInstalled()) or yourself (using getSelf()) this mitigates the risks. [Fabrice] I don't think that a user expects one app to be able to silently uninstall another app just because it initiated the install in the first place.[Lucas]
-== Certified (vouched for by trusted 3rd party) ==
+== Certified (system-critical apps) ==
 Use cases for certified code:  Same as trusted