[aerogear-dev] AEROGEAR-686 - Security Roadmap updates

Deepali Khushraj dkhushra at redhat.com
Tue Dec 4 13:16:20 EST 2012


Hello,

Some questions on the aerogear OTP flows:  

* In scenario 1, during registration, the server generates the secret and does OTP validation. I was wondering what data is being sent to the server? Asking since I didn't see "Generate OTP" on the client side in the picture.

* Are we recommending developers to use TOTP or HOTP or both?

* How does this approach compare to Google's application-specific passwords, where OTP generation takes place outside the app?  

This looks like great stuff!

Thanks!
Deepali.


On Nov 29, 2012, at 11:22 AM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Morning everyone, just to let you guys know that the security roadmap was finally updated. Feel free to add comments/suggestions on GitHub.
> 
> https://github.com/aerogear/aerogear.org/pull/15 
> 
> 
> -- 
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile