[aerogear-dev] AEROGEAR-686 - Security Roadmap updates
Deepali Khushraj
dkhushra at redhat.com
Tue Dec 4 13:44:28 EST 2012
Ugh! I was looking at an outdated version:
https://github.com/abstractj/aerogear.org/blob/da34fe6760c2ce25218b2c629723f1088be2fa11/docs/specs/img/aerogear_otp_registrationv0.0.1.jpg
On Dec 4, 2012, at 1:41 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> Tbh I believe that is just a matter of push the changes to aerogear.org, because the images are the same (https://github.com/aerogear/aerogear.org/commit/be8295d48e19f0c24725042c019cefd5bd4c4387).
>
> Let me know if you have more questions on it.
>
>
> --
> "The measure of a man is what he does with power" - Plato
> -
> @abstractj
> -
> Volenti Nihil Difficile
>
>
>
> On Tuesday, December 4, 2012 at 4:39 PM, Deepali Khushraj wrote:
>
>> Thanks! I did look at this presentation too, wasn't sure which one was more fresh.
>>
>> Does the flow in slide 13 override the one from the spec in github?
>>
>>
>> On Dec 4, 2012, at 1:31 PM, Bruno Oliveira <bruno at abstractj.org (mailto:bruno at abstractj.org)> wrote:
>>> Hi Deepali, take a look at this presentation, might help. That pic on staging wasn't updated at the aerogear.org (http://aerogear.org) site.
>>>
>>> http://quantum.abstractj.org/talks/2012/aerogear/otp/index.html#/
>>>
>>> --
>>> "The measure of a man is what he does with power" - Plato
>>> -
>>> @abstractj
>>> -
>>> Volenti Nihil Difficile
>>>
>>>
>>>
>>> On Tuesday, December 4, 2012 at 4:16 PM, Deepali Khushraj wrote:
>>>
>>>> Hello,
>>>>
>>>> Some questions on the aerogear OTP flows:
>>>>
>>>> * In scenario 1, during registration, the server generates the secret and does OTP validation. I was wondering what data is being sent to server? Asking since, I didn't see "Generate OTP" on client-side in the picture
>>> No data is sent to the server
>>>>
>>>>
>>>> * Are we recommending developers to use TOTP or HOTP or both?
>>>>
>>>> * How does this approach compare to Google's application-specific passwords, where OTP generation takes place outside the app?
>>>>
>>>> This looks like great stuff!
>>>>
>>>> Thanks!
>>>> Deepali.
>>>>
>>>>
>>>> On Nov 29, 2012, at 11:22 AM, Bruno Oliveira <bruno at abstractj.org (mailto:bruno at abstractj.org)> wrote:
>>>>
>>>>> Morning everyone, just to let you guys know that the security roadmap was finally updated. Feel free to add comments/suggestions on github.
>>>>>
>>>>> https://github.com/aerogear/aerogear.org/pull/15
>>>>>
>>>>>
>>>>> --
>>>>> "The measure of a man is what he does with power" - Plato
>>>>> -
>>>>> @abstractj
>>>>> -
>>>>> Volenti Nihil Difficile
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev at lists.jboss.org (mailto:aerogear-dev at lists.jboss.org)
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20121204/87ca9fa0/attachment-0001.html
More information about the aerogear-dev
mailing list