On 26/09/2012 23:09, ptheriault wrote:
Antonio,
I was surprised to see that too - my guess is that it was a guess from long ago
before push API was defined. On monday I created a version 1.0 of the matrix
with many updates and corrections (including this) and sent it to the b2g list.
Below are links to the new matrix, and the change log/question list:
Permissions Matrix 1.0:
https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdHNlbDBDUGMzUzJSdFYyNEZjcngtUWc
1.0 version changes: https://etherpad.mozilla.org/permissionmatrixupdates
Thanks for the new version, somehow I missed that update.
(for reference, the change I made was to update permissions to match the wiki.
Also I wasnt sure if there is a Mgmt API which allows the system to know what
push notifications are registered?)
Now to your concern about apps launching - is your fear that apps can keep
themselves running by sending push notifications?
My understanding of the way Push Notifications were handled was that there was
user interaction in the process - i.e. they show up in the notifications tray,
and then, only after the user has tapped on the notification the app is
relaunched.
Yeah, that was my understanding too, but then I was told that
notifications actually launched the app if it wasn't running in the
first place. Which if finally is what sees the light, makes it an
explicit permission (at least) in my book :)
Best regards,
Antonio
Regards,
Paul
On Sep 26, 2012, at 8:34 PM, Antonio Manuel Amaya Calvo wrote:
Hey Paul.
I've seen that on the permission matrix at
https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E&pli=1#gid=0
the PushAPI is reserved to certified apps only, when it used to be a
Public API (according to
https://wiki.mozilla.org/WebAPI/Security/pushNotificationsAPI at least).
Do you know why and when was that changed?
I was in fact going to suggest either changing the way the system treats
notification currently (from what I've been told, the system *launches*
the app if it isn't running, which isn't good) or at least making it an
explicit permission for anything less than privileged, but just removing
the permission completely for anything less than certified seems a
little bit extreme.
Best regards,
Antonio
--
Antonio Manuel Amaya Calvo_/ / _ /Security&Trust on N&S
email: [email protected] / _ _/ ( / Telefonica I+D
Tlf.: +34-91.312.98.95 _/ _/ \__/ D. Ramón de la Cruz 82
Fax : 28006 Madrid, SPAIN
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
testResults['bluetooth']
--
Antonio Manuel Amaya Calvo_/ / _ /Security&Trust on N&S
email: [email protected] / _ _/ ( / Telefonica I+D
Tlf.: +34-91.312.98.95 _/ _/ \__/ D. Ramón de la Cruz 82
Fax : 28006 Madrid, SPAIN
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
