Requirement | Description | Source | Implications
---|---|---|---
Alarm API | Applications can create alarms, notifying users. | SysApps Charter |
Contacts API | Apps can add, remove and edit contacts. | SysApps Charter |
Messaging API | Apps can send, receive and view SMS. | SysApps Charter |
Telephony API | Apps can access the telephony capabilities of the underlying platform: dial a number, pick up a call, route to voicemail, access the call log. | SysApps Charter |
Raw Sockets API | Apps can create, manipulate and listen for low-level TCP and UDP connections. | SysApps Charter |
HTML5 | Applications consist of HTML, CSS and JavaScript. | |
Location | Applications have access to geolocation data. | |
Communicate with other applications | Applications can communicate with other applications. | Some kind of messaging will be supported. |
Communicate with pre-defined endpoints | Applications can communicate with pre-defined web addresses. | Access to remote domains will be possible. |
Valid across multiple platforms | Applications can run on any conformant platform, potentially including any device form factor. | Compatibility of application packages. |
Access control log | Allow access control decisions to be logged. | webinos |
API access rationale | Applications shall be able to explain why access to data or APIs is being requested. | webinos |
Application capability restriction | Applications shall access only their specified device features, extensions and content. | webinos |
Application intent | Applications shall specify their required functionality at install time or during updates. | webinos |
Application isolation | Applications shall be isolated from each other. | webinos |
Application policy approval | Changes to existing application intentions and permissions shall be approved by the end user. | webinos |
Authenticity check | Before an application is installed or updated, origin authenticity and integrity checks shall be performed by the runtime. | webinos |
Certifier list | The list of authorities that certified an application shall be viewable by end users. | webinos |
Confidential credentials storage | The webinos runtime shall support the confidential storage of user credentials. | webinos |
Credentials access restriction | Access to credentials storage shall be limited to a specific user, a specific device and a set of applications. | webinos |
Data management rationale | Applications shall be able to explain how collected sensitive data will be managed. | webinos |
Default policy | A default security and privacy policy shall exist and be enforced on each conformant runtime. | webinos |
Device-identity binding | Personal devices shall be bound to their owner's identities. | webinos |
Device-identity binding revocation | The binding between personal devices and the owner's identity shall be revocable. | webinos |
Hierarchical policy enforcement | Runtimes can enforce multiple access control rules written by multiple stakeholders in a hierarchy. | webinos |
Secure cache | Data cached by a runtime shall be securely stored to prevent disclosure and tampering by unauthorised entities. | webinos |
Secure storage | Application data shall be securely stored to prevent disclosure and tampering by unauthorised entities. | webinos |
Trusted application source | When installing or using an application for the first time, the runtime shall establish that the user trusts the source of the application. | webinos | Apps must have provenance data attached to them.
App stores can revoke applications | An app store needs to be able to approve an application, implying it can verify the permissions, integrity and authenticity of the app. | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | App permissions can be changed remotely.
External trusted party can set app default permissions | B2G: "App store must be able to set the default permissions for an app". | Extrapolated from B2G - https://wiki.mozilla.org/B2G_App_Security_Model | The user is not the only source of access control decisions. This also suggests a need for conflict resolution.
Installation | Applications must be installed before being executed. | B2G, webinos |
Owner override | The device owner must be able to override app settings and permissions (the owner may not be the user, but a corporation, for example). | B2G (user), webinos (user) | Access control settings must be changeable.
App privilege visibility | Apps should be able to discover their privileges and degrade gracefully in a limited-privilege environment. | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | There must be a standard way for applications to identify the permissions they have and lack.
Permission usability | Apps should be able to discover their privileges and degrade gracefully in a limited-privilege environment. | B2G - https://wiki.mozilla.org/B2G_App_Security_Model |
Immunity to browser-based threats | Apps should not be vulnerable to common web vulnerabilities when granted significant privileges. | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | Non-browser security context: there may be additional restrictions on HTML/JavaScript.
Pre-installed app permissions | The ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties. | B2G - https://wiki.mozilla.org/B2G_App_Security_Model | Different 'levels' apply to SysApps - possibly 'roles'.