- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 21 Feb 2013 11:48:03 -0800
- To: Janusz Majnert <j.majnert@samsung.com>
- Cc: public-sysapps@w3.org
On Thu, Feb 21, 2013 at 3:00 AM, Janusz Majnert <j.majnert@samsung.com> wrote:
> Hi,
>
>
> On 2013-02-19 16:56, Mounir Lamouri wrote:
>>
>> On 18/02/13 17:38, John Lyle wrote:
>>>
>>> I guess the main value in standardising a 'certified' level is that it
>>> would allow a manufacturer with this requirement to implement an API on
>>> multiple web app platforms with similar access control and security
>>> expectations. However, I agree that this is a fairly small aspect of
>>> the security model, and the benefit of standardisation is minimal. But
>>> as it is common to webinos, Tizen and Firefox OS (sorry, I'll stop
>>> calling it B2G soon) perhaps it would be harmless to make it an optional
>>> part of the specification?
>>
>>
>> Your usage of the third level seems to be very close to ours then. I
>> wouldn't mind specifying that third level but I'm not sure all our
>> implementations give access to that third level the same way. Also, I'm
>> not sure any standardized API will ever request to be limited to that
>> third level. But I guess adding the level wouldn't hurt and we could
>> simply remove it if it appears to be useless.
>
>
> I think there is no reason to specify the third level if we already assume
> it's going to be just for platform-specific or proprietary APIs. We should
> however make sure that the spec doesn't prohibit implementations adding it
> on their own.
>
> Another issue I wanted to bring up here is the number of "trust levels" in
> the specification. Do you think 2 is enough?
> With 2 levels, we would have to put all security and privacy sensitive APIs
> in the second (trusted) level. It's an all-or-nothing situation. Wouldn't it
> be better to separate this level into two and allow implementations to
> configure how the APIs are distributed among them?

I actually think that specifying a 3rd level for "built in" or "certified" apps is something that we'll need to do.

We are already in the Sysapps WG working on two APIs which, at least in Firefox OS, require that security level. The Telephony API and the SMS API currently in Firefox OS are only exposed to "certified" apps. The ideal, of course, is that we can some day change that and expose the API more widely. But I don't think that that will happen before we do the initial release of those APIs. And for Telephony we might never be able to expose it more widely due to regulatory requirements.

Additionally, specifying a 3rd level is likely not going to be a lot of extra work. At least in Firefox OS the "only" difference between "privileged" and "certified" apps is which APIs they have access to, and we also use a slightly different CSP policy for certified apps (though that might not be needed). So the extra specification work is essentially to say that the "certified" level exists and behaves like the "privileged" level, and then for various APIs indicate that they are only exposed to "certified" apps rather than "privileged" apps.

But I definitely think that our ultimate goal should be to move as many of the APIs to as low a level as possible. Or at least to move as much as possible of the various APIs to as low a level as possible. So for example the SMS API might have a subset which is only exposed to certified apps, whereas the ability to be notified of incoming messages is exposed to privileged apps, and the ability to read the database of stored messages is exposed to normal apps. (Just to pull an example out of thin air.)

/ Jonas
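The tiered exposure sketched in the mail above (certified inheriting everything privileged may call, privileged inheriting everything normal apps may call, and each API operation pinned to the lowest level allowed to use it), written out as an added Python example; this is not code from the thread or from Firefox OS, and the policy table, the constructed telephony entry and the helper names are this example's own assumptions.

```python
from enum import IntEnum


class Level(IntEnum):
    """Trust levels from the thread, ordered so that a higher level
    inherits everything a lower level may call."""
    WEB = 0          # "normal" web apps
    PRIVILEGED = 1
    CERTIFIED = 2    # built-in / platform apps


# Lowest level allowed per (api, operation). The SMS split is the illustrative
# one from the mail; the telephony entry is constructed here to stand in for
# the Telephony API being certified-only. Unlisted operations are exposed to
# no app at all.
API_POLICY = {
    ("sms", "readStored"): Level.WEB,
    ("sms", "onReceived"): Level.PRIVILEGED,
    ("sms", "send"): Level.CERTIFIED,
    ("telephony", "dial"): Level.CERTIFIED,   # constructed entry
}


def is_exposed(level, api, op):
    """Deny by default: an operation is callable only if the policy lists it
    and the app's level is at or above the operation's minimum."""
    required = API_POLICY.get((api, op))
    return required is not None and level >= required


def exposed_operations(level):
    """Every operation an app at this level may call (the inherited set)."""
    return {key for key, required in API_POLICY.items() if level >= required}


def evaluate_manifest(level, requested):
    """Split the operations an app manifest asks for into granted and denied,
    so an app never ends up holding capabilities above its own level."""
    granted = {r for r in requested if is_exposed(level, *r)}
    return granted, set(requested) - granted


def lowest_exposed_level(api):
    """Lowest level that sees any part of the API: a quick check of how far
    down an API has been pushed, in line with the goal stated in the mail."""
    levels = [req for (a, _), req in API_POLICY.items() if a == api]
    return min(levels) if levels else None
```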
Received on Thursday, 21 February 2013 19:49:04 UTC