[aerogear-dev] AGSEC - Roadmap

Bruno Oliveira bruno at abstractj.org
Fri May 24 12:37:39 EDT 2013


PR sent, give your +1 or ?beardslap if you don't like it

https://github.com/aerogear/aerogear.org/pull/69

Bruno Oliveira wrote:
> Ahoy, based on the feedback from Matthias, I just updated AGSEC roadmap.
> Let me know what you guys think, please.
>
> gist: https://gist.github.com/abstractj/b50cee4eb8163ccf4c26
>
> # Component planning
>
> - examples: demos, example of usage, snippets
> - docs: documentation about how to make use of security libraries, blog
> posts, updates on aerogear.org
> - CI: updates on CI like new jobs to be created or improvements
> - OTP: TOTP & HOTP components which affect the server, iOS, Android and JS
> - crypto: implementations of cryptographic algorithms to support
> server/client side
> - security-*: aerogear-security, aerogear-security-picketlink and
> aerogear-security-shiro.
> - social: Twitter, Facebook, Google (any social networks to share your
> password with friends)
> - authentication: authentication methods to be provided (Basic, Digest,
> LDAP, OAuth2, Hawk, Mozilla Persona, Two-factor)
> - authorization: authorization methods to be implemented or supported.
> - storage: issues and features related to encrypted storage
> - cache: issues and features related to encrypted cache
> - openshift: for examples on OpenShift and eventual issues
> - testing: For the efforts led by Karel.
>
> # AeroGear Security - Roadmap
>
> ## 1.0.1
>
> * Bug fixes on examples and updates on AeroGear Security
>
> * AGSEC-16: Support for multiple roles for AerogearUser (TBD with sblanc)
>
> * AGSEC-29: Documentation with the overview and description on AeroGear
> Security
>
> * AGSEC-36: Add a method to retrieve all registered users on the
> AuthenticationManager interface (TBD with sblanc)
>
> * AGSEC-36: Add CRUD methods for AerogearUser
>
> * Initial support for OTP on JS
>
> ## 1.1.0 (Mid June)
>
> * AGSEC-13: Add HTTP basic authentication support to the client side
>
> * AGDROID-27 Add HTTP basic authentication support on AeroGear Android
> (summers)
>
> * AGIOS-4 Add HTTP basic authentication support on AeroGear iOS (christos)
>
> * AGJS-18 Add HTTP basic authentication support on AeroGear.js (I can
> help on it, I'm just following the JS roadmap)
>
> * AGSEC-18: Add session management support
>
> * AGSEC-27: Provide a detailed specification and which kind of
> authentication schemes will be supported
>
> * AGSEC-28: HOTP support
>
> * AGDROID-30: Add HOTP support to aerogear-otp-java
>
> * AGIOS-1: Add HOTP support to aerogear-otp-ios
>
>
> * AGSEC-55: Various security tasks for the Unified Push server
>
> * AGSEC-30: Unified Push (Add Client Access Key)
>
> * AGSEC-33: Unified Push: Sec: Add OAuth component to PushEE
>
> * AGSEC-34: Unified Push: Sec: Add Security Framework to PushEE
>
> * AGSEC-50: Unified Push: Secure registration of Mobile Variant instance
> with the server
>
> * AGSEC-51 Unified Push: Secure registration of Push Application
>
> * AGSEC-52 Unified Push: Secure registration of Mobile Variant
>
> * AGSEC-48: Add Apache Shiro support on AeroGear Security
>
>
> ## 1.2.0 (Mid August)
>
> * AGSEC-6: Encryption for mobile devices
>
> * AGDROID-34 Implementation and API usage for android crypto
>
> * AGIOS-3 Implementation and API usage for iOS crypto
>
> * AGSEC-15: Add HTTP digest authentication support to the client side
>
> * AGDROID-10 Add HTTP digest authentication support on AeroGear Android
> (Summers)
>
>
> * AGIOS-5 Add HTTP digest authentication support on AeroGear iOS (Christos)
>
> * AGIOS-6 Provide a parameter on iOS to enable/disable the usage of
> cookies (abstractj)
>
> * AGJS-23 Add HTTP digest authentication support on AeroGear.js
>
> * AGSEC-26: Authentication schemes for mobile devices
>
> * AGSEC-49: Add Hawk support on AeroGear Security
>
> * AGSEC-55: Various security tasks for the Unified Push server
>
> * AGSEC-31: Unified Push: Evaluate non repudiation for each application
> on the server
>
> * AGSEC-53 Unified Push: Secure Admin UI
>
> * AGSEC-54 Unified Push: Secure http endpoint for sending push notification
>
>
> ## 1.3.0 (Mid October)
>
> * AGSEC-2: Secure storage and cache
>
> * AGSEC-7: Provide a detailed specification about how it should work
>
> * AGSEC-3: URLs and Forms that perform important operations must be
> protected by random tokens (hidden nonce values)
>
> * AGSEC-4: Authentication of RESTful requests per transactions must be
> provided as alternative on AeroGear Security
>
> * AGSEC-14: HTTP signed requests
>
> * AGSEC-17: Mobile devices blacklist support
>
>
> ## 1.4.0 (Mid January)
>
> * AGSEC-12: Offline authentication
>
> * AGSEC-25: Include rate-limit to incoming requests from the same origin
>
>
> ## 2.0.0
>
> * AGSEC-5: Social login
>
> * AGSEC-8: Provide a detailed specification about which methods will be
> supported
>
> * AGSEC-19: Security & privacy policy (geo, user, misc data)
>
> * Biometric authentication (TBD)
>
>
>
>
>
> Matthias Wessendorf wrote:
>> Hi Bruno,
>>
>> https://issues.jboss.org/browse/AGSEC-55
>> I added the new items to this "umbrella" ticket.
>>
>>
>> I'd say, we move the other "unified push" JIRAs to this parent as well.
>>
>> If you agree, let me move the bits!

