<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 10, 2013 at 8:52 AM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I'm still thinking about your problem (must try before). Is APP ID (+ mobile-variant ID) really necessary?.</blockquote>
<div><br></div><div>from my original point of view: yes</div><div>Somehow the app installation (on the device) needs to tell the "registration server" I am an installation of your "FOO APP";</div>
<div><br></div><div style>We could use something else instead of the "internal ids" ( PUSH-APP ID (+ mobile-variant ID)) - on both, android and iOS, there is something like an "app id" (think packages in java), but it's not unique.</div>
<div style>So there is a chance that different users of the server have an app, in the app store, that have the same ID (since picked by the developer).</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
I'm just concerned about the non repudiation, for what do you want we could introduce the concept of zero-knowledge proof for devices (<a href="http://en.wikipedia.org/wiki/Zero-knowledge_proof" target="_blank">http://en.wikipedia.org/wiki/Zero-knowledge_proof</a>).<br>
</blockquote><div><br></div><div style>Thanks for sharing!!! It's a pretty complex paper :) Looks like at least some sort of "interactions" are required to have the proof; </div><div style>I also (for simpler understanding) read the German version of that article, which says something like: "its practical usage is rare, since the system requires lot's of interaction, which is why (according to the article) practical auth-protocols are based on "digital signatures""</div>
<div style>Not sure if that statement is true :)</div><div style><br></div><div style><br></div><div style>However, I guess, requiring lot's of interactions between device and server, for registration of the token may be a problem. not sure how "chatty" that would be. Perhaps I am totally wrong :)</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
I'm not saying it's easy to achieve,</blockquote><div><br></div><div style>:-) yeah - sounds pretty complex</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
but let me know if APP ID (+ mobile variant ID) can be replaced.</blockquote><div><br></div><div><br></div><div style>I guess it can, all we really need is the device telling the server: "Hey I belong to your BLAH app" :)</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> My suggestion is to move forward as is, until we figure out a better way to do it.<br>
</blockquote><div><br></div><div><br></div><div style>sounds like a plan! I will continue with the IDs and we can improve this later;</div><div style><br></div><div style><br></div><div style>However, from reading, the "zero-knowledge proof" concept is an interesting thing</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
Makes sense?<br></blockquote><div><br></div><div><br></div><div style>Absolutely !</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><br>
<br>
--<br>
"The measure of a man is what he does with power" - Plato<br>
-<br>
@abstractj<br>
-<br>
Volenti Nihil Difficile<br>
<br>
<br>
<br>
On Tuesday, April 9, 2013 at 1:20 PM, Matthias Wessendorf wrote:<br>
<br>
><br>
</div><div>> So...... the following information needs to be available.... so that the mobile dev. for the free iOS app can register the token with the server:<br>
><br>
> APP ID (+ mobile-variant ID)<br>
<br>
<br>
</div><div><div>_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org" target="_blank">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br><br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div></div>