Closed
Bug 831833
Opened 12 years ago
Closed 12 years ago
Security Review for Simple Push Notification
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: curtisk, Assigned: curtisk)
Details
(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][FxOS])
Initial Questions:
Project/Feature Name: Push Notification
Tracking ID:
Description:
We are building an internet-scale, easy-to-use notification service based on Thialfi. The Push Requirements include:
1) Easy-to-use content API
2) Guaranteed delivery of notifications
3) Data privacy / No disclosure of personally identifiable info to application
4) Push system internet scalability
Additional Information:
Thialfi: http://research.google.com/pubs/pub37474.html
Mozilla's Spec: https://wiki.mozilla.org/WebAPI/SimplePush
Urgency: 2-4 weeks
Key Initiative: Firefox OS
Release Date: 2013-06-30
Project Status: development
Mozilla Data: No
New or Change: New
Mozilla Project: none
Mozilla Related: FxOS, WebRTC
Separate Party: No
Security Review Questions:
Affects Products:
Review Due Date:
Review Invitees:
Extra Information:
Assignee
Comment 1•12 years ago
need this info
(In reply to Curtis Koenig [:curtisk] from comment #0)
> Security Review Questions:
>
> Affects Products:
> Review Due Date:
(date you all would like to do the review, if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html)
> Review Invitees:
who from you all needs to be there
> Extra Information:
anything else?
Flags: needinfo?(jrconlin)
Comment 2•12 years ago
> who from you all needs to be there
we should also invite jlebar
Assignee
Comment 3•12 years ago
So jlebar, dougt and jrconlin, now what date works for you all?
Comment 4•12 years ago
I'm free anytime except Mondays 2p Pacific and every other Tuesday at 2p Pacific (1/22 is an on day).
I'm on Eastern time, but I don't mind a late-ish meeting if that's what works for everyone else.
Assignee
Comment 5•12 years ago
We have Mon/Wed at 1pm PST/4PM EST or Thu/Fri 10am PST/1PM PST... I think a Mon or Wed would be best to get all the "mobile" guys from our team.
Comment 6•12 years ago
How does Wed 6th 1PM PST work for everyone?
It would also be really helpful for me to talk to someone prior to the security review, as I am struggling to gain a complete picture of data flows from the existing documentation.
What I have currently, with questions, is here: https://etherpad.mozilla.org/n1f1znLCQh . Please correct/answer questions if you can. Or ping me (pauljt) if it's easier to explain in person.
Blocks: simple-push-b2g
Comment 7•12 years ago
dougt and I will be in London that week; 1 PST is late in the evening over there. I don't necessarily have a problem with the lateness, but I've had really bad experiences in the past trying to connect to meetings over hotel networks.
Comment 8•12 years ago
(In reply to Paul Theriault [:pauljt] from comment #6)
>
> What I have currently, with questions is here:
> https://etherpad.mozilla.org/n1f1znLCQh . Please correct/answer questions if
> you can. Or ping me (pauljt) if it's easier to explain in person.
I've tried to answer the questions and provide as much insight as I can.
Thanks!
Flags: needinfo?(jrconlin)
Comment 9•12 years ago
(In reply to Justin Lebar [:jlebar] from comment #7)
> dougt and I will be in London that week; 1 PST is late in the evening over
> there. I don't necessarily have a problem with the lateness, but I've had
> really bad experiences in the past trying to connect to meetings over hotel
> networks.
This feature seems less urgent to review than basecamp stuff, so maybe we can leave it till the week afterwards. (Getting Europe, Australia & US at the same time is really only possible in the evening Europe time, unless I get up at 3am.) (Or I can get someone from the sec team in the US if it is urgent.)
So how about 13th at 1pm PST?
PS JR, thanks for the info, I'll review and come back to you if I need more.
Comment 10•12 years ago
> So how about 13th at 1pm PST?
WFM.
Comment 11•12 years ago
WFM.
WFM
Assignee
Comment 13•12 years ago
Assignee
Comment 14•12 years ago
Meeting Details:
* Wed 13-Feb 2013, 13:00 PST
* Where:
- MTV: 3V - Very Good Very Mighty
- SFO: Golden Gate Bridge
- Vidyo(9710) secreview [https://v.mozilla.com/flex.html?roomdirect.html&key=EEtiuXn8C5EP]
* IRC Channel: #security
* Etherpad: http://etherpad.mozilla.com/secreview
* Dial-in Info (phone):
- In office or soft phone: extension 92
- US/INTL: 650-903-0800 or 650-215-1282 then extension 92
- Toronto: 416-848-3114 then extension 92
- Toll-free: 800-707-2533 then password 369
- Conference num 99710
Items to be reviewed:
https://bugzilla.mozilla.org/show_bug.cgi?id=831833
Agenda:
* Introduce Feature (5-10 minutes) [can be answered ahead of time to save meeting time]
- Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- What solutions/approaches were considered other than the proposed solution?
- Why was this solution chosen?
- Any security threats already considered in the design and why?
* Threat Brainstorming (30-40 minutes)
* Conclusions / Action Items (10-20 minutes)
Assignee
Updated•12 years ago
Assignee: nobody → curtisk
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
Updated•12 years ago
Summary: Security Review for Push Notification → Security Review for Simple Push Notification
Updated•12 years ago
Blocks: B2G-secreview
Assignee
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][FxOS]