- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Mon, 18 Feb 2013 14:26:46 +0000
- To: public-sysapps@w3.org
On 18/02/13 13:11, Jungkee Song wrote:
>> >* Security model *
>> >
>> >The fact that you guys have three levels of security instead of two is
>> >interesting. What use cases did you have in mind?
>> >(Actually, we also have three levels of security but the third one is more
>> >or less a "chrome-only" level which is mostly to not allow access to
>> >something so it's more an implementation detail.)
>> >
> In our proposal, for example, unsigned side-loaded apps could be untrusted
> applications; signed packaged apps downloaded from app store could be
> trusted applications; pre-loaded apps from OEM or operators could be
> privileged applications.

We have the same kind of requirements in webinos - applications pre-loaded by OEMs (BMW being our main example) need to be distinguished from trusted applications from other parties in order to protect certain APIs. I was under the impression that B2G also had three very similar levels?

https://wiki.mozilla.org/Apps/Security#Types_of_applications

To satisfy our use-cases we have a policy system that sets default permissions and rules based on the name of the signing authority, or the author, or [insert arbitrary other attribute]. The difference with the Samsung proposal is that the three categories are fixed, so there's no opportunity to change the number or meaning. The Samsung proposal is much more straightforward, however, and we would have no problem conforming with it.

As a side note: I like the 'browsing context' approach because it will also provide an opportunity to describe how the application rendering environment might impact permissions and behaviour. For instance, a browsing context might be 'untrusted' because it is running an untrusted application or because it has untrusted extensions installed.

Best wishes,

John
Received on Monday, 18 February 2013 14:27:13 UTC
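The two models discussed in this message, side by side as an added illustration (not code from webinos, Samsung, B2G or the list participants): the fixed three-category model that maps app provenance to a level, the attribute-based policy that matches on the signing authority or any other attribute with a default of deny, and a browsing context that is downgraded when an untrusted extension is present. Signer names and API names are constructed placeholders.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Optional
class TrustLevel(IntEnum):
    UNTRUSTED = 0   # unsigned, side-loaded
    TRUSTED = 1     # signed by an app store
    PRIVILEGED = 2  # pre-loaded by the OEM or operator

@dataclass(frozen=True)
class App:
    name: str
    signer: Optional[str]    # signing authority name, None when unsigned
    preloaded: bool = False  # shipped on the device by OEM/operator

# Constructed trust anchors and API requirements (hypothetical names).
STORE_SIGNERS = {"example-store-ca"}
OEM_SIGNERS = {"example-oem-ca"}
API_MIN_LEVEL = {"camera": TrustLevel.TRUSTED, "vehicle": TrustLevel.PRIVILEGED}

def classify(app: App) -> TrustLevel:
    """Fixed three-category model: provenance alone decides the level."""
    if app.preloaded and app.signer in OEM_SIGNERS:
        return TrustLevel.PRIVILEGED
    if app.signer in STORE_SIGNERS:
        return TrustLevel.TRUSTED
    return TrustLevel.UNTRUSTED

def effective_level(app: App, untrusted_extension: bool) -> TrustLevel:
    """Browsing context: an untrusted extension drags the whole context down."""
    return TrustLevel.UNTRUSTED if untrusted_extension else classify(app)

def fixed_allows(app: App, api: str, untrusted_extension: bool = False) -> bool:
    """Unknown APIs are denied; otherwise compare against the minimum level."""
    need = API_MIN_LEVEL.get(api)
    return need is not None and effective_level(app, untrusted_extension) >= need

@dataclass(frozen=True)
class Rule:                  # attribute-based rule, webinos-style
    attribute: str           # e.g. "signer" or "preloaded"
    value: str
    api: str
    allow: bool

def policy_allows(app: App, api: str, rules: List[Rule], default: bool = False) -> bool:
    """First matching rule wins; no match falls back to the default (deny)."""
    attrs = {"signer": app.signer, "preloaded": str(app.preloaded)}
    for rule in rules:
        if rule.api == api and attrs.get(rule.attribute) == rule.value:
            return rule.allow
    return default
```

The attribute-based variant can express a new category (a fourth signer, an author name) by adding a rule, whereas the fixed model needs its classification function changed.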