[aerogear-dev] AEROGEAR-686 - Security Roadmap updates
Bruno Oliveira
bruno at abstractj.org
Tue Dec 4 13:31:36 EST 2012
Hi Deepali, take a look at this presentation, might help. That pic on staging wasn't updated at the aerogear.org site.
http://quantum.abstractj.org/talks/2012/aerogear/otp/index.html#/
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Tuesday, December 4, 2012 at 4:16 PM, Deepali Khushraj wrote:
> Hello,
>
> Some questions on the aerogear OTP flows:
>
> * In scenario 1, during registration, the server generates the secret and does OTP validation. I was wondering what data is being sent to the server? Asking since I didn't see "Generate OTP" on the client side in the picture.
No data is sent to the server.
>
>
> * Are we recommending developers to use TOTP or HOTP or both?
>
> * How does this approach compare to Google's application-specific passwords, where OTP generation takes place outside the app?
>
> This looks like great stuff!
>
> Thanks!
> Deepali.
>
>
> On Nov 29, 2012, at 11:22 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > Morning everyone, just to let you guys know that the security roadmap was finally updated. Feel free to add comments/suggestions on github.
> >
> > https://github.com/aerogear/aerogear.org/pull/15
> >
> >
> > --
> > "The measure of a man is what he does with power" - Plato
> > -
> > @abstractj
> > -
> > Volenti Nihil Difficile
> >
> >
> >
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev