<div dir="ltr">FYI,<div>here is a JIRA that passos created for those repos:</div><div><br></div><div>
<p class=""><a href="https://issues.jboss.org/browse/AEROGEAR-1479">https://issues.jboss.org/browse/AEROGEAR-1479</a><br></p><p class=""><br></p><p class="">-M</p><p class=""><br></p><p class=""><br></p></div></div><div class="gmail_extra">
<br><br><div class="gmail_quote">On Mon, Jul 28, 2014 at 4:23 PM, Corinne Krych <span dir="ltr"><<a href="mailto:corinnekrych@gmail.com" target="_blank">corinnekrych@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
@abstractj @summers what about being more specific and naming ag-android-authz as ag-android-oauth2? This will be without confusion.<br>
For now we only implement oauth2. If we need oauth1a impl we can have a separate module. wdyt?<br>
This is the way i’d like to go for iOS lib.<br>
<br>
With Oauth2 you do need authentication but as it’s taken care of by the oauth2 provider, client side lib does not need a “login” method, this indeed why we need auth module is different to authz one.<br>
<br>
++<br>
<span class="HOEnZb"><font color="#888888">Corinne<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
On 28 Jul 2014, at 16:09, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
<br>
> Answers inline.<br>
><br>
> On 2014-07-28, Summers Pittman wrote:<br>
>> On 07/25/2014 03:01 PM, Bruno Oliveira wrote:<br>
>>> On 2014-07-25, Lucas Holmquist wrote:<br>
>>>> On Jul 25, 2014, at 1:25 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
>>>><br>
>>>>> On 2014-07-25, Lucas Holmquist wrote:<br>
>>>>>> On Jul 25, 2014, at 1:16 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
>>>>>><br>
>>>>>>> On 2014-07-25, Summers Pittman wrote:<br>
>>>>>>>> On 07/22/2014 11:06 AM, Bruno Oliveira wrote:<br>
>>>>>>>>> Passos, what does aerogear-android-security stands for? Do we really<br>
>>>>>>>>> need the authz module? My question is due to the fact that mostly it<br>
>>>>>>>>> will be together with auth module, but I could be wrong.<br>
>>>>>>>> You are wrong :)<br>
>>>>>>> Do you have authorization without authentication? Or authentication with<br>
>>>>>>> no authorization?<br>
>>>>>> We have this in our JS lib, the Authenitcation module, just does the login/logout/enroll<br>
>>>>>><br>
>>>>>> and the Authz module doesn’t rely on it, but connects to 3rd party OAuth2( the current adapter ) providers<br>
>>>>> If it connects using a Token from a 3rd party service, is because it's based on some credential. So,<br>
>>>>> I assume that you have authentication AND authorization, there's no magic ;)<br>
>>>>><br>
>>>>> Either way, name it to whatever you guys think is the best.<br>
>>>> yea, the names can be confusing here :). we should rename to “CoolSuperAwesomeThing” and “bob” :)<br>
>>> As long as you do at your own repository, I'm ok. Meanwhile let's not<br>
>>> mix the concept of OAuth2 with authorization only.<br>
>> OAuth2 is an implementation of Authorization. We have Jira's for<br>
>> OAuth1a, alternate work flows etc.<br>
><br>
> Summers, there's no authorization without authentication before. Even<br>
> with OAuth2 the client make use of the Bearer authentication scheme for<br>
> example.<br>
><br>
> If you assume that OAuth2 is authorization only, would be the same of<br>
> assume that once my application is authorized on Twitter, I should be able<br>
> to access many profiles as I want.<br>
><br>
> Even if IETF says "The OAuth 2.0 Authorization Framework: Bearer Token<br>
> Usage".<br>
><br>
>><br>
>> A better way to think about it would be the auth module is user visible<br>
>> credential authentication and authorization. The authz module is third<br>
>> party authentication and authorization.a<br>
><br>
> authz into any security context stands for "authorization", if you mix<br>
> both concepts here, people will get confused.<br>
><br>
>><br>
>> A while ago we did discuss revisiting authz/auth and see if they can be<br>
>> meaningfully merged. This may be something for a different thread. As<br>
>> it stands they don't make sense to be in the same module because they<br>
>> work differently for different use cases.<br>
><br>
> As I said, I trust in your judgment, but mix concepts will lead to<br>
> confusion.<br>
><br>
>><br>
>>><br>
>>>>>><br>
>>>>>>>> In general<br>
>>>>>>>><br>
>>>>>>>> Auth module consumes a username and password and manages a session.<br>
>>>>>>>> Authz fetches and consumers tokens and manages them through a<br>
>>>>>>>> android.app.Service service.<br>
>>>>>>>>> On 2014-07-22, Daniel Passos wrote:<br>
>>>>>>>>>> Hey Guys,<br>
>>>>>>>>>><br>
>>>>>>>>>> Summers and I started working on agdroid modules and remove some cyclic<br>
>>>>>>>>>> dependencies. So we plan to split the agdroid on these modules:<br>
>>>>>>>>>><br>
>>>>>>>>>> - aerogear-android-core<br>
>>>>>>>>>> - aerogear-android-pipe<br>
>>>>>>>>>> - aerogear-android-auth<br>
>>>>>>>>>> - aerogear-android-autz<br>
>>>>>>>>>> - aerogear-android-store (with option security dependecy to use<br>
>>>>>>>>>> EncryptedStores)<br>
>>>>>>>>>> - aerogear-android-security<br>
>>>>>>>>>> - aerogear-android-push<br>
>>>>>>>>>> - aerogear-android-push-ups<br>
>>>>>>>>>> - aerogear-android-offline<br>
>>>>>>>>>><br>
>>>>>>>>>> -- Passos<br>
>>>>>>>>>> <br>
>>>>>>>>>><br>
>>>>>>>>>><br>
>>>>>>>>>> On Fri, May 9, 2014 at 3:55 AM, Corinne Krych <<a href="mailto:corinnekrych@gmail.com">corinnekrych@gmail.com</a>><br>
>>>>>>>>>> wrote:<br>
>>>>>>>>>><br>
>>>>>>>>>>> Oops<br>
>>>>>>>>>>> [2] <a href="https://issues.jboss.org/browse/AGIOS-187" target="_blank">https://issues.jboss.org/browse/AGIOS-187</a><br>
>>>>>>>>>>><br>
>>>>>>>>>>> On 09 May 2014, at 08:52, Corinne Krych <<a href="mailto:corinnekrych@gmail.com">corinnekrych@gmail.com</a>> wrote:<br>
>>>>>>>>>>><br>
>>>>>>>>>>>> [2] <a href="https://issues.jboss.org/browse/AGIOS-192" target="_blank">https://issues.jboss.org/browse/AGIOS-192</a><br>
>>>>>>>>>>> _______________________________________________<br>
>>>>>>>>>>> aerogear-dev mailing list<br>
>>>>>>>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>>>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>>>>>>>>><br>
>>>>>>>>>> _______________________________________________<br>
>>>>>>>>>> aerogear-dev mailing list<br>
>>>>>>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>>>>>>> --<br>
>>>>>>>>><br>
>>>>>>>>> abstractj<br>
>>>>>>>>> PGP: 0x84DC9914<br>
>>>>>>>>> _______________________________________________<br>
>>>>>>>>> aerogear-dev mailing list<br>
>>>>>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>>>>>><br>
>>>>>>>> --<br>
>>>>>>>> Summers Pittman<br>
>>>>>>>>>> Phone:404 941 4698<br>
>>>>>>>>>> Java is my crack.<br>
>>>>>>>> _______________________________________________<br>
>>>>>>>> aerogear-dev mailing list<br>
>>>>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>>>>> --<br>
>>>>>>><br>
>>>>>>> abstractj<br>
>>>>>>> PGP: 0x84DC9914<br>
>>>>>>> _______________________________________________<br>
>>>>>>> aerogear-dev mailing list<br>
>>>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>>>> _______________________________________________<br>
>>>>>> aerogear-dev mailing list<br>
>>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>>><br>
>>>>> --<br>
>>>>><br>
>>>>> abstractj<br>
>>>>> PGP: 0x84DC9914<br>
>>>>> _______________________________________________<br>
>>>>> aerogear-dev mailing list<br>
>>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>>> _______________________________________________<br>
>>>> aerogear-dev mailing list<br>
>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>>><br>
>>> --<br>
>>><br>
>>> abstractj<br>
>>> PGP: 0x84DC9914<br>
>>> _______________________________________________<br>
>>> aerogear-dev mailing list<br>
>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
>><br>
>><br>
>> --<br>
>> Summers Pittman<br>
>>>> Phone:404 941 4698<br>
>>>> Java is my crack.<br>
>><br>
>> _______________________________________________<br>
>> aerogear-dev mailing list<br>
>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
><br>
> --<br>
><br>
> abstractj<br>
> PGP: 0x84DC9914<br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthias Wessendorf <br>
<br>blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a>
</div>