WebAPI/Security/ResourceLock
Name of API: Resource Lock API
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/20372fc7d949f57c/3af154eb549703d5
Brief purpose of API: Prevent the screen from being dimmed or switched off
General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (e.g. watching a movie)
Inherent threats: Power drain, annoyance
Threat severity: Low
Regular web content (unauthenticated)
Use cases for unauthenticated code: Same as General
Authorization model for normal content: Implicit for fullscreen only, explicit otherwise
Authorization model for installed content: Implicit
Potential mitigations:
Trusted (authenticated by publisher)
Use cases for authenticated code: Same as General
Authorization model: Implicit
Potential mitigations:
Certified (vouched for by trusted 3rd party)
Use cases for certified code: Same as General
Authorization model: Implicit
Potential mitigations:
Notes: It would be great if the spec also specified that the phone /needs to/should/ provide a resource consumption manager. That way concerned users could see which trusted/certified apps are responsible for a short battery life, if the phone is being drained too fast. [apf]