Closed Bug 1153449 Opened 9 years ago Closed 9 years ago

[META] New Gaia Security Model

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1149545

People

(Reporter: jgong, Unassigned)

References

Details

User Story

This is a meta bug to track for new security model to support new unified application architecture for Gaia apps.  

Goals are:
- Enable exposing "sensitive APIs" to 3rd party developers.
- Use the same update and security model for gaia and for 3rd party content.
- Don't require content which uses "senstivie APIs" to be installed. Users should be able to simply browse to it.
- Don't have separate cookie jars for separate apps. At least for normal content which doesn't use "sensitive APIs".
-Ensure that content which uses "sensitive APIs" always runs in a separate process. Enforce in the 
parent process that only these separate processes can trigger "sensitive APIs". I.e. hacking a child process should not permit access to more sensitive APIs.
- Enable content which uses "sensitive APIs" to have normal http(s) URLs such that they can use OAuth providers like facebook.
- Enable content which uses "sensitive APIs" to use service workers.

This new security model involves 7 key implementation areas.

1 Signing  https://wiki.mozilla.org/FirefoxOS/New_security_model#Signing
2 Verifying signatures https://wiki.mozilla.org/FirefoxOS/New_security_model#Verifying_signatures
3 CSP  https://wiki.mozilla.org/FirefoxOS/New_security_model#CSP
4 Process isolation  https://wiki.mozilla.org/FirefoxOS/New_security_model#Process_isolation
5 Installing and updating https://wiki.mozilla.org/FirefoxOS/New_security_model#Installing_and_updating
6 Service Workers  https://wiki.mozilla.org/FirefoxOS/New_security_model#Service_Workers
7 Origins and cookie jars https://wiki.mozilla.org/FirefoxOS/New_security_model#Origins_and_cookie_jars
This is a meta bug to track for new security model to support new unified application architecture for Gaia apps.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.