[aerogear-dev] Passphrase encryption - REST API discussion
Matthias Wessendorf
matzew at apache.org
Thu Mar 13 09:03:23 EDT 2014
On Thu, Mar 13, 2014 at 1:45 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> That would make sense into the Sender request, once we don't have ways to
> identify if the data was encrypted or not, something like "--header
> "protected: true" (always optional). For example:
>
hrm - not sure I like that 'protected' header on the SEND
>
>
> curl -3 -u "{PushApplicationID}:{MasterSecret}"
> -v -H "Accept: application/json" -H "Content-type: application/json"
> --header "protected: true"
> -X POST
>
> -d '{
> "variants" : ["c3f0a94f-48de-4b77-a08e-68114460857e",
> "444939cd-ae63-4ce1-96a4-de74b77e3737" ....],
> "categories" : ["someCategory"],
> "alias" : ["user at account.com", "jay at redhat.org", ....],
> "deviceType" : ["iPad", "AndroidTablet", "web"],
>
> "message": {"key":"value", "key2":"other value", "alert":"HELLO!"},
> "simple-push": "version=123"
> }'
>
> https://SERVER:PORT/CONTEXT/rest/sender
>
> Does it make sense to you? In the future with the key agreement, that
> might not be necessary.
>
> --
> abstractj
>
> On March 13, 2014 at 9:33:07 AM, Sebastien Blanc (scm.blanc at gmail.com)
> wrote:
> > > Shouldn't there be a flag in the request telling the cert and
> > passphrase are encrypted or not ? Or maybe the server can detect
> > by itself if it's encrypted or not .
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140313/a0296bb4/attachment.html
More information about the aerogear-dev
mailing list