NSEC (New Security Model)

From MozillaWiki
Jump to: navigation, search
Fxossmall.png

Program Description

New Security Model program is a project to change our underlining security infrastructure to allow more 3rd party development.

Product Requirements:

  • Enable exposing "sensitive APIs" to 3rd party developers.
  • Use the same update and security model for gaia and for 3rd party content.
  • Don't require content which uses "senstivie APIs" to be installed. Users should be able to simply browse to it.
  • Don't have separate cookie jars for separate apps. At least for normal content which doesn't use "sensitive APIs".
  • Ensure that content which uses "sensitive APIs" always runs in a separate process. Enforce in the parent process that only these separate processes can trigger "sensitive APIs". I.e. hacking a child process should not permit access to more sensitive APIs.
  • Enable content which uses "sensitive APIs" to have normal http(s) URLs such that they can use OAuth providers like facebook.
  • Enable content which uses "sensitive APIs" to use service workers.


User Stories and Acceptance Criteria

Title BUG ID User story Acceptance Criteria
Title Goes Here Bug ID User Story 1 Acceptance Criteria 1
Bug ID User Story 2 Acceptance Criteria 2
Help/Onboarding Bug ID User Story 3 Acceptance Criteria 3

Program Status

Milestone Date Status
Milestone 1 ON TARGET
Milestone 2 CHALLENGED
Milestone 3 AT RISK

Status Key

Color Status Key
On Target The project or deliverable is expected to meet its due date.
Challenged The project or deliverable is facing an issue that might cause it to miss its due date, but a “get well” plan has been developed to get it back on track.
At Risk or Late The project or deliverable is blocked or facing an issue that might cause it to miss its due date, and there’s no “get well” plan to get it back on track, or it is already late.
Done The project or deliverable has been completed.
On Hold The project or deliverable has been placed on hold.

Program Timeline

Release Timeline.png


MVP Scope

Querying by 2.6+ features

(please add correct bug tracking number)

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);



Dependency Tracking

Dependency Gantt Chart.png


Detailed Program Plan

Action Item Engineering Owner QA Owner UX Owner Bugzilla ID Planned Done Actual Done

Program Stakeholders

Role Name IRC
EPM
EM
PM
TL
UX
QA
  • EPM = Engineering Program Manager
  • EM = Engineering Manager
  • PM = Product Manager
  • TL = Tech Lead
  • UX = User Experience
  • QA = Quality Assurance

UX Specs


Reference Links