[aerogear-dev] Security for "Device Registration"
Matthias Wessendorf
matzew at apache.org
Tue May 21 12:05:00 EDT 2013
On Tue, May 21, 2013 at 5:58 PM, Douglas Campos <qmx at qmx.me> wrote:
> On Sat, May 18, 2013 at 12:48:31AM +0200, Matthias Wessendorf wrote:
> > Hi,
> >
> > once the app is installed on the phone (or launched in a browser),
> > we (as discussed in the spec/mailing list) need to upload the "device
> > token" (or channelID) from the actual device/channel to the Unified Push
> > Server.
> >
> >
> > My questions:
> > Is it safe, if every "Mobile Variant" has a Private/Public Key ???
> >
> > The UP server keeps the private one.
> > Once we register a new mobile variant (e.g. HR for Android, HR for iPad,
> HR
> > for iPhone, ...) EACH variant has ONE Private/Public key
> When you say private/public key pair, you mean two pairs right? one for
> the device, other for the server variant?
>
> Let's clarify this then we can move the discussion further.
>
I think I mean more the Unified Push server has the "private key", while
the device uses the public key,
to perform the "auth" against the server-side variant (e.g. PhoneABC
registers itself with the Android variant)
-M
>
> --
> qmx
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20130521/dca91ddf/attachment.html
More information about the aerogear-dev
mailing list