WebAPI/Security/Sensor

From MozillaWiki
< WebAPI‎ | Security
Revision as of 08:31, 12 June 2012 by Ptheriault (talk | contribs) (Created page with "Name of API: Sensor API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697361 http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/ Brief purpose of API: Let apps access e...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Name of API: Sensor API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697361 http://dvcs.w3.org/hg/dap/raw-file/tip/sensor-api/

Brief purpose of API: Let apps access environmental sensor data gathered by devices. General Use Cases: None

Inherent threats:Privacy

Threat severity: Moderate

Regular web content (unauthenticated)

Use cases for unauthenticated code: Monitor environmental sensor data like temperature, barometer, magnetic field, Authorization model for normal content: Implicit Authorization model for installed content: Implicit Potential mitigations: Only available to top-level content while focused, values throttled/fuzzed to prevent side-channel attacks where applicable. (e.g. password prediction via accelerometer)

Trusted (authenticated by publisher)

Use cases for authenticated code: Same Use cases for trusted code: Implicit Potential mitigations:

Certified (vouched for by trusted 3rd party)

Use cases for certified code: Backlight Dimming based on ambient light Screen-off based on proximity Authorization model: Implicit Potential mitigations:

Note: Many device sensor and motion use cases already covered by DeviceOrientation / DeviceMotion API (http://dev.w3.org/geo/api/spec-source-orientation.html)

Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/Sensor&oldid=440205"