Updated proposal.  Note that since only foreground content can trigger the 
vibrator, this seems equivalent to other potentially annoying feedback 
mechanisms and should be implicit for uninstalled web content… thoughts?

Name of API: Vibration
Reference: http://dev.w3.org/2009/dap/vibration/

Brief purpose of API: Let content activate the vibration motor

Inherent threats: Obnoxious if misused, consume extra battery
Threat severity: low

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Vibrate when hit in a game
Authorization model for uninstalled web content: Implicit
Authorization model for installed web content: Implicit
Potential mitigations: Limit how long vibrations can run.  Only foreground 
content can trigger vibration.

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: [Same]
Authorization model: Implicit
Potential mitigations: 

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: 
Authorization model: Implicit
Potential mitigations:

Notes:  This API may be implicitly granted.  User can deny from Permission 
Manager to override an abusive app.

On Apr 11, 2012, at 10:36 PM, Lucas Adamski wrote:

> Name of API: Vibration
> Reference: http://dev.w3.org/2009/dap/vibration/
> 
> Brief purpose of API: Let content activate the vibration motor
> 
> Inherent threats: Obnoxious if misused, consume extra battery
> Threat severity: low
> 
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: Vibrate when hit in a game
> Authorization model for uninstalled web content: Explicit
> Authorization model for installed web content: Implicit
> Potential mitigations: Limit how long vibrations can run
> 
> == Trusted (authenticated by publisher) ==
> Use cases for authenticated code: [Same]
> Authorization model: Implicit
> Potential mitigations: 
> 
> == Certified (vouched for by trusted 3rd party) ==
> Use cases for certified code: 
> Authorization model: implicit
> Potential mitigations:
> 
> Notes:  This API may be implicitly granted.  User can deny from Permission 
> Manager to override an abusive app.
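
A sketch of how the mitigations listed in the proposal (duration limit, foreground-only, user deny from Permission Manager) could be combined into one gate in front of the vibration motor. This is an added example, not code from the proposal or from any browser; the function name `gateVibration`, the `ctx` fields and all three limits are assumptions chosen for illustration.

```javascript
// Constructed limits: the proposal only says "limit how long vibrations can run".
const MAX_SEGMENT_MS = 5000;  // assumed cap for one vibrate or pause entry
const MAX_TOTAL_MS = 10000;   // assumed cap for a whole pattern
const MAX_ENTRIES = 10;       // assumed cap on pattern length

// gateVibration is a hypothetical name. ctx.visible says whether the requesting
// content is in the foreground; ctx.permission is "implicit" (default grant) or
// "denied" (user override from the Permission Manager).
function gateVibration(pattern, ctx) {
  if (ctx.permission === "denied") return { allowed: false, reason: "denied-by-user" };
  if (!ctx.visible) return { allowed: false, reason: "background" };

  // The API accepts a single duration or a list of vibrate/pause durations.
  const list = Array.isArray(pattern) ? pattern : [pattern];
  if (!list.every((n) => Number.isFinite(n) && n >= 0)) {
    return { allowed: false, reason: "invalid-pattern" };
  }

  const out = [];
  let total = 0;
  for (const raw of list.slice(0, MAX_ENTRIES)) {
    const remaining = MAX_TOTAL_MS - total;
    if (remaining <= 0) break;               // time budget spent: drop the rest
    const ms = Math.min(Math.floor(raw), MAX_SEGMENT_MS, remaining);
    out.push(ms);
    total += ms;
  }
  // Entries alternate vibrate, pause, vibrate...; a trailing pause does nothing.
  if (out.length > 0 && out.length % 2 === 0) out.pop();
  return { allowed: true, pattern: out };
}

// Constructed sample requests.
const fg = { visible: true, permission: "implicit" };
console.log(gateVibration([60000], fg));
console.log(gateVibration([4000, 100, 4000, 100, 4000], fg));
console.log(gateVibration(200, { visible: false, permission: "implicit" }));
console.log(gateVibration(200, { visible: true, permission: "denied" }));
```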
