[aerogear-dev] [UPS] Import/Export of installations
Sebastien Blanc
scm.blanc at gmail.com
Tue Nov 11 08:12:14 EST 2014
Hi,
I would like to start a discussion around the import/export of
installations in UPS. To track all the tasks, we have a ticket[1] also
containing some sub-tasks.
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#scope>Scope
For now we stick to installations, meanning we can import or export
installations from a particular Variant. Import/Export for Variants will
maybe come later but due to some security issues (mainly for iOS
cert/passphrase) it's on hold.
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#import-service>Import
Service
That's an easy one ;) since the service already exist [2]. It's a REST
service and it uses the VariantId/Secret combination to authenticate.
Data format looks like :
[
{
"deviceToken" : "someTokenString",
"deviceType" : "iPad",
"operatingSystem" : "iOS",
"osVersion" : "6.1.2",
"alias" : "someUsername or email adress...",
"categories" : ["football", "sport"]
},
{
"deviceToken" : "someOtherTokenString",
...
},
...
]
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#export-service>Export
Service
Like import, it will use the variantId/secret combo to authenticate and
retrieve the right variant to export the installations. The data structure
format would of course looks like the one used for import.
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#output-format>Output
format
How should provide the exported data ? I need your input here 1. Raw Json ?
2. Json file ? 3. Zip / tarball ?
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#ui>UI
UI should be a *nice to have*
I would suggest to add 2 items (import and export) in the contextual menu
that you can see in this screenshot :
<https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67>
For import, the user will have a file input and feedback on how many
installations were imported. For export, the user just have to press an
export button
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#migration-issues>Migration
issues
So, that is a very important point that I would like to discuss. Even if we
are able to import installations, the *variantID_ and the __variantSecret* will
not match with those that are in the Clients.
Imagine the following scenario : I export 15000 installations, my
datacenter burns, I create a new UPS instance, with a new Push App and a
new Variant (so new VariantID and VariantSecret), then I inport the
installations. Well, my 15000 clients will point to the wrong variant. For
sure, they can be updated but that might not always be an option.
That is why I would like suggest the following change : Make *VariantId*
and *VariantSecret* editable, so after someone has done an import he can
change the values of the variants so it matches the clients.
I know we had this discussion before, but in the future we might want to
change the naming around VariantId and VariantSecret, to me it sounds more
like *variantAPIKey* / *variantAPISecret*
wdyt ?
<https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#security>
Security
As said before, import/export uses variantId/variantSecret to authenticate.
So if someone has access to these keys he could make a malicious import of
500k installations. What should we do for that ? We could give this access
only to authenticated "console" users but then it would be hard to expose
import/export as rest service (because of KC implication)
Please comment, ask questions , be crazy ...
Sebi
[1] https://issues.jboss.org/browse/AGPUSH-978
[2]
http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20141111/0ee808d1/attachment-0001.html
More information about the aerogear-dev
mailing list