WebAPI/Security/Wifi

From MozillaWiki
< WebAPI‎ | Security
Revision as of 11:04, 25 June 2012 by Ptheriault (talk | contribs) (Created page with "==Web Bluetooth API== Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737 https://wiki.mozilla.org/WebAPI/WebBluetooth Brief purpose of API: The aim of WebBluetooth i...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Web Bluetooth API

Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=674737 https://wiki.mozilla.org/WebAPI/WebBluetooth

Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and communicate with Bluetooth devices. This includes setting properties on adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.

General Use Cases:

Inherent threats: Privacy, access to sensitive user devices, de-anonimization based on bluetooth state

Threat severity: high

Regular web content (unauthenticated)

Use cases: None Authorization model for normal content: None Authorization model for installed content: None Potential mitigations:

Trusted (authenticated by publisher)

Use cases: None Authorization model: None Potential mitigations:

Certified (vouched for by trusted 3rd party)

Use cases: Read bluetooth adapter state Start/Stop device discovery List discovered devices Pair with device Authorization model: Implicit Potential mitigations: Status indicator showing active bluetooth connection, user can click the status indicator to cancel the connection. Any limit on types of devices?

Notes: Non-certified use cases are out of scope for 1.0. We will consider those for a subsequent release.

Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/Wifi&oldid=445023"