NSEC (New Security Model)
From MozillaWiki
Contents
Program Description
New Security Model program is a project to change our underlining security infrastructure to allow more 3rd party development.
Product Requirements:
- Enable exposing "sensitive APIs" to 3rd party developers.
- Use the same update and security model for gaia and for 3rd party content.
- Don't require content which uses "senstivie APIs" to be installed. Users should be able to simply browse to it.
- Don't have separate cookie jars for separate apps. At least for normal content which doesn't use "sensitive APIs".
- Ensure that content which uses "sensitive APIs" always runs in a separate process. Enforce in the parent process that only these separate processes can trigger "sensitive APIs". I.e. hacking a child process should not permit access to more sensitive APIs.
- Enable content which uses "sensitive APIs" to have normal http(s) URLs such that they can use OAuth providers like facebook.
- Enable content which uses "sensitive APIs" to use service workers.
User Stories and Acceptance Criteria
| Title | BUG ID | User story | Acceptance Criteria |
|---|---|---|---|
| Title Goes Here | Bug ID | User Story 1 | Acceptance Criteria 1 |
| Bug ID | User Story 2 | Acceptance Criteria 2 | |
| Help/Onboarding | Bug ID | User Story 3 | Acceptance Criteria 3 |
Program Status
| Milestone | Date | Status |
|---|---|---|
| Milestone 1 | ON TARGET | |
| Milestone 2 | CHALLENGED | |
| Milestone 3 | AT RISK |
Status Key
| Color | Status | Key |
|---|---|---|
| On Target | The project or deliverable is expected to meet its due date. | |
| Challenged | The project or deliverable is facing an issue that might cause it to miss its due date, but a “get well” plan has been developed to get it back on track. | |
| At Risk or Late | The project or deliverable is blocked or facing an issue that might cause it to miss its due date, and there’s no “get well” plan to get it back on track, or it is already late. | |
| Done | The project or deliverable has been completed. | |
| On Hold | The project or deliverable has been placed on hold. |
Program Timeline
MVP Scope
Querying by 2.6+ features
(please add correct bug tracking number)
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Dependency Tracking
Detailed Program Plan
| Action Item | Engineering Owner | QA Owner | UX Owner | Bugzilla ID | Planned Done | Actual Done |
|---|---|---|---|---|---|---|
Program Stakeholders
| Role | Name | IRC |
|---|---|---|
| EPM | ||
| EM | ||
| PM | ||
| TL | ||
| UX | ||
| QA |
- EPM = Engineering Program Manager
- EM = Engineering Manager
- PM = Product Manager
- TL = Tech Lead
- UX = User Experience
- QA = Quality Assurance
