- From: Mounir Lamouri <mounir@lamouri.fr>
- Date: Mon, 25 Feb 2013 17:18:16 +0000
- To: public-sysapps@w3.org
On 21/02/13 11:00, Janusz Majnert wrote:
> Another issue I wanted to bring up here is the number of "trust levels"
> in the specification. Do you think 2 is enough?
> With 2 levels, we would have to put all security and privacy sensitive
> APIs in the second (trusted) level. It's an all-or-nothing situation.

It could indeed easily be an "all or nothing" situation, but I believe we can make that not happen. We need, for each API, to try to make it available to all applications by default and, if we really can't, move it to privileged applications. Having an ecosystem where you need to be privileged to access most APIs is going to fail, so we should make sure that any restriction has strong reasons to exist.

For example, I think the equivalent of the Raw Socket API is currently restricted to privileged (or certified?) applications in Firefox OS, but the only harm that I can think of is listening on some ports (that would allow an application to sniff your unencrypted emails and browsing). To fix that, a solution would be to forbid connections on some ports or have specific permissions for them. I am not sure why such a solution wouldn't work for all applications (non-privileged included).

> Wouldn't it be better to separate this level into two and allow
> implementations to configure how the APIs are distributed among them?

I think that would be worse than an "all or nothing" situation, because some runtimes will allow Foo API to be used by any installed application and some will not, and in the end app A, which uses Foo API, will only be usable on the runtimes that allow it to run without being privileged.

--
Mounir
Received on Monday, 25 February 2013 17:18:48 UTC
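The alternative Mounir sketches for the raw socket case, sketched here as an added example that is not part of the thread and not Firefox OS or SysApps code: rather than gating the whole socket API on the "privileged" level, a runtime gates only operations on ports that carry cleartext protocols, and can do so either by forbidding them outright or by requiring a specific per-service permission. The port list, the permission names (`tcp-socket:<op>:<service>`), the app and request shapes, and the `evaluateSocketRequest` function are all assumptions made for this illustration.

```javascript
// Hypothetical port-based policy for a raw TCP socket API (added example, not
// from the thread, Firefox OS or SysApps). The whole API stays available to
// every app; only operations on "sensitive" ports are gated, and the gate can be
// an outright ban or a per-service permission, the two options raised above.

// Ports whose cleartext traffic a listening app could read. Constructed list
// for the example; a real runtime would keep its own.
const SENSITIVE_PORTS = new Map([
  [25, "smtp"],
  [80, "http"],
  [110, "pop3"],
  [143, "imap"],
]);

// Permission naming scheme is an assumption for this example. Separating
// "listen" from "connect" lets a mail client ask only for the ability to talk
// to an IMAP server, not for the ability to impersonate one locally.
function requiredPermission(op, service) {
  return `tcp-socket:${op}:${service}`;
}

/**
 * Decide whether an app may perform a socket operation.
 * @param {{level: "web"|"privileged", permissions: Set<string>}} app
 * @param {{op: "listen"|"connect", port: number}} request
 * @param {{mode: "forbid"|"permission"}} policy  how sensitive ports are handled
 * @returns {{allowed: boolean, reason: string}}
 */
function evaluateSocketRequest(app, request, policy = { mode: "permission" }) {
  const { op, port } = request;
  // Fail closed on malformed input before any policy logic runs.
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    return { allowed: false, reason: `invalid port ${port}` };
  }
  if (op !== "listen" && op !== "connect") {
    return { allowed: false, reason: `unknown operation ${op}` };
  }

  // Privileged apps have been reviewed out of band, so the API is open to them.
  if (app.level === "privileged") {
    return { allowed: true, reason: "privileged app" };
  }

  const service = SENSITIVE_PORTS.get(port);
  if (service === undefined) {
    // Nothing sensitive on this port: available to every app by default.
    return { allowed: true, reason: `port ${port} is not restricted` };
  }

  if (policy.mode === "forbid") {
    return {
      allowed: false,
      reason: `${op} on ${service} port ${port} is forbidden for unprivileged apps`,
    };
  }

  // "permission" mode: the app must have declared the specific permission.
  const perm = requiredPermission(op, service);
  if (app.permissions.has(perm)) {
    return { allowed: true, reason: `granted by permission ${perm}` };
  }
  return { allowed: false, reason: `requires permission ${perm}` };
}

// Demo: an unprivileged mail client that declared only the IMAP connect permission.
const mailClient = {
  level: "web",
  permissions: new Set([requiredPermission("connect", "imap")]),
};
for (const req of [
  { op: "connect", port: 143 },
  { op: "listen", port: 143 },
  { op: "listen", port: 8080 },
]) {
  const verdict = evaluateSocketRequest(mailClient, req);
  console.log(`${req.op}:${req.port} -> ${verdict.allowed} (${verdict.reason})`);
}
```

The point of the split is that the capability that actually causes the harm Mounir describes (binding a port where a user's mail client would deliver cleartext credentials) is the one that needs a permission, while ordinary client connections and unremarkable ports stay usable by any installed app without it having to be privileged.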