Changes


Apps/Security

841 bytes added, 14:54, 22 March 2012
good work done, but it's a little muddled. sections of it really need to be moved to more appropriate locations in the document
#Least Privilege: Applications must be granted the minimum privileges necessary to function
#Minimize Permissions: APIs should be designed in such a way to provide the most functionality without the need to be granted permissions
 
(''comment: these principles are requirements, and as such should be moved to the requirements section'')
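Review bot: the note after the Least Privilege and Minimize Permissions items is added as italic body text directly under the numbered list, so a reader of the page can take it as part of the principles themselves. Since the edit summary already says these sections need to be moved, either move the two items to the requirements section in the same edit or put the note on the talk page, so the article body holds only specification text.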
===Process for granting permissions===
Note: If sensitive permissions are requested, certain security requirements may be placed on the application.
 
(''comment: this section appears to be in discussion or proposal form, not a summary form. as such it should be moved to a suitable section'')
===Management of Permissions===
#Users need to be guided on the consequence of changing permissions, and protected from making choices which are insecure or which could disable their device (e.g. removing the permissions setting capability from the permissions web app)
#Permissions can be modified either through a permission manager application, or set through contextual actions (e.g. response to security prompts including "remember me" checkboxes or through behavior in some cases, e.g. user ignores a prompt five times in a minute, don't prompt again for an hour)
 
(''comment: these permissions are written as a list of requirements, and as such should be moved to the requirements section'')
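Review bot: the comment under "Management of Permissions" says "these permissions are written as a list of requirements", but the items above it are rules for managing permissions, not permissions. Reword it to "these items" so the note is unambiguous. When the items are moved, keep the "e.g." wording on the prompt-suppression example (five ignored prompts in a minute, no prompt for an hour) so the numbers are not read as normative values.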
===Default Permission Policy===
A user should be warned before they override the Default Permission Policy in an unsafe way.
 
(''comment: these default permissions policy specifications are written as a list of requirements, and as such should be moved to the requirements section'')
===Permission Types===
##Allow
#List of Permissions: TBD
 
(''comment: these permission types are not really a summary, and as such should be moved to a suitable section'')
 
===Trust Model===
#The user is the root source of trust for permissions settings.
#The user can choose to override store permissions (either granting or revoking privileges), but the store permissions should be safe for the user, and represent the minimum permissions the application needs to run.
#The store can also entrust other stores with the power to grant permissions (possibly a subset of permissions, or not privileged permissions)
 
(''comment: these are requirements, and as such should be moved to the requirements section'')
=== Security Requirements for Critical App Deployment ===
*Will there even be a separate set of requirements, or will threats be mitigated by App Store processes instead?
(''comment: this is a reasonable summary, and should be left in the summary section :)'')