[aerogear-dev] AEROGEAR-686 - Security Roadmap updates

Deepali Khushraj dkhushra at redhat.com
Tue Dec 4 13:39:02 EST 2012


Thanks! I did look at this presentation too, wasn't sure which one was more fresh.

Does the flow in slide 13 override the one from the spec in github?


On Dec 4, 2012, at 1:31 PM, Bruno Oliveira <bruno at abstractj.org> wrote:

> Hi Deepali, take a look at this presentation, might help. That pic on staging wasn't updated at the aerogear.org site.
> 
> http://quantum.abstractj.org/talks/2012/aerogear/otp/index.html#/
> 
> -- 
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
> 
> 
> 
> On Tuesday, December 4, 2012 at 4:16 PM, Deepali Khushraj wrote:
> 
>> Hello,
>> 
>> Some questions on the aerogear OTP flows: 
>> 
>> * In scenario 1, during registration, the server generates the secret and does OTP validation. I was wondering what data is being sent to the server? Asking since I didn't see "Generate OTP" on the client side in the picture.
> No data is sent to the server 
>> 
>> 
>> * Are we recommending developers to use TOTP or HOTP or both?
>> 
>> * How does this approach compare to Google's application-specific passwords, where OTP generation takes place outside the app? 
>> 
>> This looks like great stuff!
>> 
>> Thanks!
>> Deepali.
>> 
>> 
>> On Nov 29, 2012, at 11:22 AM, Bruno Oliveira <bruno at abstractj.org> wrote:
>> 
>>> Morning everyone, just to let you guys know that the security roadmap was finally updated. Feel free to add comments/suggestions on github.
>>> 
>>> https://github.com/aerogear/aerogear.org/pull/15 
>>> 
>>> 
>>> -- 
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
