- From: Mounir Lamouri <mounir@lamouri.fr>
- Date: Mon, 18 Feb 2013 16:37:17 +0000
- To: public-sysapps@w3.org
On 18/02/13 14:26, John Lyle wrote:
> On 18/02/13 13:11, Jungkee Song wrote:
>>> >* Security model *
>>> >
>>> >The fact that you guys have three levels of security instead of two is
>>> >interesting. What use cases did you have in mind?
>>> >(Actually, we also have three levels of security but the third one is more
>>> >or less a "chrome-only" level which is mostly to not allow access to
>>> >something so it's more an implementation detail.)
>>> >
>> In our proposal, for example, unsigned side-loaded apps could be
>> untrusted applications; signed packaged apps downloaded from app store
>> could be trusted applications; pre-loaded apps from OEM or operators
>> could be privileged applications.
>
> We have the same kind of requirements in webinos - applications
> pre-loaded by OEMs (BMW being our main example) need to be distinguished
> from trusted applications from other parties in order to protect certain
> APIs. I was under the impression that B2G also had three very similar
> levels?

That is true, but we had no intention to push this to a specification given that it is a special case on our side to protect some APIs from being used by third parties.

It is not clear to me what would be the interest of standardizing APIs that can't be used by third parties. In other words, if you have to be a built-in app in Firefox OS, Tizen or Webinos to use Foo API, having Foo API being interoperable has a very low value given that those built-in applications will already be very specific to the platform.

Our current plan is to have no certified-only APIs at some point unless we have to restrict them for legal reasons (I've heard that it might be needed for Telephony for certification purposes).

What kind of APIs are restricted to built-in apps in Webinos and Tizen?

Cheers,
--
Mounir

Received on Monday, 18 February 2013 16:37:50 UTC