MozillaWiki

WebAPI/Security/WebNFC

< WebAPI‎ | Security
Revision as of 13:15, 25 June 2012 by Ladamski (talk | contribs) (Created page with "Name of API: WebNFC API Reference:<br> https://wiki.mozilla.org/WebAPI/WebNFC https://bugzilla.mozilla.org/show_bug.cgi?id=674741 Brief purpose of API: Allow core (certified) a...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Name of API: WebNFC API

Reference:
https://wiki.mozilla.org/WebAPI/WebNFC https://bugzilla.mozilla.org/show_bug.cgi?id=674741

Brief purpose of API: Allow core (certified) apps to interact directly with NFC devices General Use Cases:

Inherent threats:

  • Theft of sensitive data
  • Device compromise (configuring NFC device)
  • Potential for financial impact (payments via NFC)

Threat severity: Critical

Regular web content (unauthenticated)

Use cases for unauthenticated code: None

Authorization model for normal content: None

Authorization model for installed content: None

Potential mitigations: N/A

Trusted (authenticated by publisher)

Same as for installed unauthenticated app

Certified (vouched for by trusted 3rd party)

Use cases for certified code:

  • Configure, enable/disable NFC devices.
  • Interact with NFC devices.
  • Manage NFC payments.

Authorization model for normal content: Implicit

Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/WebNFC&oldid=445086"