WebAPI/Security/Contacts: Difference between revisions

Revision as of 12:32, 24 September 2012

Brief purpose of API: Access to users contacts.

General Use Cases:N/A

Inherent threats:

Threat severity: High

References:

Type	Use Cases	Authorization Model	Notes & Other Controls
Web Content	None	No direct access (access via web activities)	App requests a contact via web activities or trusted UI API provides a local identifier instead of the actual contact information
Installed Web Apps	None	No direct access (access via web activities)	App requests a contact via web activities or trusted UI API provides a local identifier instead of the actual contact information
Privileged Web Apps	Create, read or edit contact information	Explicit	Let user configure what data is accessible (globally?) Have separate permissions for read vs read&write, assuming that many apps only want read, and could use web activities to create a contact if necessary. These distinctions should not be exposed to the user (the user should be only be asked if the API wants to "have access to" the contacts API, as it adds too much cognitive overhead to start scanning dialogs for the verb without clearly differentiating the risk to the user).
Certified Web Apps	Create, read or edit contact information	Implicit

@@ Line 29: / Line 29: @@
 *API provides a local identifier instead of the actual contact information
 |-
-| Installed Web Apps || None || No access (access via web activities)||
+| Installed Web Apps || None || No direct access (access via web activities)||
 *App requests a contact via web activities or trusted UI
 *API provides a local identifier instead of the actual contact information