Re: [Execution and Security Model] Proposal from Samsung Electronics

On 2013-03-01 18:24, Dave Raggett wrote:
> On 27/02/13 22:01, Mounir Lamouri wrote:
>> I think both systems should be allowed by the specification and I do not
>> think that the specification should force a particular system. My
>> current idea is to have a chain of trust:
>>   - the runtime trusts some marketplaces;
>>   - the marketplace marks some applications as trusted.
>> If the user installs an application marked as trusted by the marketplace
>> and the marketplace is trusted, the application will have access to
>> privileged APIs.
>
> If the user marks a marketplace as trusted, is there a way for the
> marketplace to remove apps from the user's device that have been found
> to breach guidelines, and as such are untrusted?
There should be. I'm not sure if we can assume that uninstalling such an 
app is the proper way to go - the app might hold some information 
valuable to the user. Besides, if the author of the app is not 
malicious, we should allow them to push an update.
In WAC we decided that a "revoked" app was blocked from being run. This 
allowed the user to decide what to do with it.

/Janusz

Received on Monday, 4 March 2013 07:14:34 UTC