177
edits
Changes
no edit summary
# '''Definition of the permissions to be enforced'''. Examples include "app can access the IMEI number" and "app can make phone calls".
# '''Standard web security'''. This is what is normally considered to be "the web" (XSS in AJAX etc.) and it still has a role to play in B2G.
(''comment: these permission types are not really a summary, and as such should be moved to a suitable section'')
===Process for granting permissions===
#By default all Web Apps have the no special permissions, the same as any other web page.
#A Web App requests permissions in the manifest when submitting to a store (an application may only be granted permissions that it requests in the manifest)
#An App Store can grant permissions to a Web App during the install process (but not necessarily all of the requested permissions
#The user’s default permission policy is applied to the requested permissions (see permissions management) and requested permissions are updated
#The user is informed of the permissions during installation, and can modify them if desired, or choose to trust the defaults set by the App Store.
Note: If sensitive permissions are requested, certain security requirements may be placed on the application.
(''comment: this section appears to be in discussion or proposal form, not a summary form. as such it should be moved to a suitable section'')
=== Types of Runnables ===
The scope of the permissions model is limited to Open Web Apps, which are applications written web technologies (HTML, JS, CSS).
