<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">Jira created</div><div class="gmail_quote"><br></div><div class="gmail_quote">On Fri, Oct 10, 2014 at 11:20 AM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 2014-10-10, Daniel Passos wrote:<br>
> Hi guys,<br>
><br>
> Yep, In Android land we have secret request and qrcode scan.<br>
><br>
> 1) May be is a good idea remove the secret request?<br>
<br>
</span>+1<br></blockquote><div><br></div><div><a href="https://issues.jboss.org/browse/AGDROID-299">https://issues.jboss.org/browse/AGDROID-299</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">
><br>
> 2) In related news, today we not store the secret. I think store that<br>
> before publish is a good thing to do<br>
<br>
</span>+1 Feel free to file jiras and assign to me if you want.<br></blockquote><div><br></div><div><a href="https://issues.jboss.org/browse/AGDROID-300">https://issues.jboss.org/browse/AGDROID-300</a><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div class=""><div class="h5">
> -- Passos<br>
><br>
><br>
> On Fri, Oct 10, 2014 at 4:47 AM, Matthias Wessendorf <<a href="mailto:matzew@apache.org">matzew@apache.org</a>><br>
> wrote:<br>
><br>
> ><br>
> ><br>
> > On Fri, Oct 10, 2014 at 9:00 AM, Corinne Krych <<a href="mailto:corinnekrych@gmail.com">corinnekrych@gmail.com</a>><br>
> > wrote:<br>
> ><br>
> >> Same here Bruno I would like to publish Shoot, in its Swift version to<br>
> >> apple store.<br>
> >><br>
> ><br>
> > +1 that is even useful :)<br>
> > so not a "demo" at all.<br>
> ><br>
> > Great idea!<br>
> ><br>
> ><br>
> >> We have a ticket to enhance it with an iOS photo sharing dialog. Once<br>
> >> this one is done, let's submit.<br>
> >> For the app store I might limit it to Facebook and Google+, to start with.<br>
> >><br>
> >> ++<br>
> >> Corinne<br>
> >><br>
> >> On 10 October 2014 08:48, Christos Vasilakis <<a href="mailto:cvasilak@gmail.com">cvasilak@gmail.com</a>> wrote:<br>
> >><br>
> >>> Hi,<br>
> >>><br>
> >>> answers inline<br>
> >>><br>
> >>> On Oct 9, 2014, at 11:42 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>> wrote:<br>
> >>><br>
> >>> > No way, Matthias. OTP must be always offline. To retrieve the shared<br>
> >>> > secret, we scan the QR Code.<br>
> >>> ><br>
> >>> > Maybe the iOS demo is doing it (have to revisit and confirm)[1].<br>
> >>> > On Android, I'm pretty much sure that QR Code scanning was already<br>
> >>> > implemented.<br>
> >>> ><br>
> >>><br>
> >>> revisiting this, I can see indeed on iOS the shared secret is retrieved<br>
> >>> from the server and that is only the option offered. Our Android example<br>
> >>> offers both options, either from server, or using QR code scanning, so<br>
> >>> implementing the latter on our iOS demo need to be also done.<br>
> >>><br>
> >>> created to track it :<br>
> >>> <a href="https://issues.jboss.org/browse/AGIOS-289" target="_blank">https://issues.jboss.org/browse/AGIOS-289</a><br>
> >>><br>
> >>> > We don't need to be perfect, get what is already done, improve if<br>
> >>> > possible or release what is already done.<br>
> >>><br>
> >>> +1 for releasing on the app store. My fear is, as Matthias said earlier,<br>
> >>> the ‘demo’ aspect, but with a nice description/walkthrough submission<br>
> >>> details, maybe there is chance.. and tbh I have seen far far simplest apps<br>
> >>> accepted on their store.<br>
> >>><br>
> >>><br>
> >>> -<br>
> >>> Christos<br>
> >>><br>
> >>><br>
> >>><br>
> >>> ><br>
> >>> > [1] -<br>
> >>> ><br>
> >>> <a href="https://github.com/aerogear/aerogear-otp-ios-demo/blob/5b23acbaf5c3cd74377efdd483b43a65befb11ee/AeroGear-OTP-Demo/AeroGear-OTP-Demo/Utilities/AGOTPClient.m#L63" target="_blank">https://github.com/aerogear/aerogear-otp-ios-demo/blob/5b23acbaf5c3cd74377efdd483b43a65befb11ee/AeroGear-OTP-Demo/AeroGear-OTP-Demo/Utilities/AGOTPClient.m#L63</a><br>
> >>> ><br>
> >>> ><br>
> >>> > On 2014-10-09, Matthias Wessendorf wrote:<br>
> >>> ><br>
> >>> >> On Thu, Oct 9, 2014 at 5:26 PM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a>><br>
> >>> wrote:<br>
> >>> >><br>
> >>> >>> On 2014-10-09, Matthias Wessendorf wrote:<br>
> >>> >>>> On Thu, Oct 9, 2014 at 4:57 AM, Bruno Oliveira <<a href="mailto:bruno@abstractj.org">bruno@abstractj.org</a><br>
> >>> ><br>
> >>> >>> wrote:<br>
> >>> >>>><br>
> >>> >>>>> Good morning,<br>
> >>> >>>>><br>
> >>> >>>>> TOTP was implemented on AeroGear for iOS[1] and Android[2] two<br>
> >>> years<br>
> >>> >>>>> ago. On conferences most of the developers get amazed with our API.<br>
> >>> >>>>><br>
> >>> >>>><br>
> >>> >>>> It's always great feedback when I show the OTP demo. Attendees at<br>
> >>> >>>> conferences love it!<br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>>><br>
> >>> >>>>> Although we don't have any app published on Google Play or App<br>
> >>> Store. I<br>
> >>> >>>>> think it's time to release our demos and get some feedback from our<br>
> >>> >>>>> community.<br>
> >>> >>>>><br>
> >>> >>>><br>
> >>> >>>> with release, what do you mean? Submit to the stores?<br>
> >>> >>>> On Apple one reason we never submitted anything to their App Store<br>
> >>> is<br>
> >>> >>> their<br>
> >>> >>>> rules clearly indicate no demos are allowed in there.<br>
> >>> >>><br>
> >>> >>> I understand, it can be a real and non paid app. Once it does not<br>
> >>> depends<br>
> >>> >>> on<br>
> >>> >>> internet connection at this moment.<br>
> >>> >>><br>
> >>> >><br>
> >>> >> isn't the iOS OTP "demo" connecting to a JAX-RS backend for the<br>
> >>> tokens?<br>
> >>> >><br>
> >>> >><br>
> >>> >>><br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>>><br>
> >>> >>>>> Into this way we can exercise things like:<br>
> >>> >>>>><br>
> >>> >>>>> - Properly store the shared secret<br>
> >>> >>>>> - Password protection with offline authentication<br>
> >>> >>>>> - If we are very confident, sync the TOTPs across authorized<br>
> >>> devices<br>
> >>> >>>>><br>
> >>> >>>>> At the moment, we don't need to do so much once most of our demos<br>
> >>> are<br>
> >>> >>>>> already on GH.<br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>> The only thing is perhaps making sure the backend part of our OTP<br>
> >>> demo is<br>
> >>> >>>> (always) up :)<br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>>> I think it's just the matter of release it.<br>
> >>> >>>>><br>
> >>> >>>>> Thoughts?<br>
> >>> >>>>><br>
> >>> >>>><br>
> >>> >>>> I like giving these nice demos, and their used AeroGear technology,<br>
> >>> some<br>
> >>> >>>> more love and visibility.<br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>>><br>
> >>> >>>>> [1] - <a href="https://github.com/aerogear/aerogear-otp-ios-demo" target="_blank">https://github.com/aerogear/aerogear-otp-ios-demo</a><br>
> >>> >>>>> [2] - <a href="https://github.com/aerogear/aerogear-otp-android-demo" target="_blank">https://github.com/aerogear/aerogear-otp-android-demo</a><br>
> >>> >>>>><br>
> >>> >>>>> --<br>
> >>> >>>>><br>
> >>> >>>>> abstractj<br>
> >>> >>>>> PGP: 0x84DC9914<br>
> >>> >>>>> _______________________________________________<br>
> >>> >>>>> aerogear-dev mailing list<br>
> >>> >>>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >>> >>>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >>> >>>>><br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>><br>
> >>> >>>> --<br>
> >>> >>>> Matthias Wessendorf<br>
> >>> >>>><br>
> >>> >>>> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> >>> >>>> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> >>> >>>> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> >>> >>><br>
> >>> >>>> _______________________________________________<br>
> >>> >>>> aerogear-dev mailing list<br>
> >>> >>>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >>> >>>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >>> >>><br>
> >>> >>><br>
> >>> >>> --<br>
> >>> >>><br>
> >>> >>> abstractj<br>
> >>> >>> PGP: 0x84DC9914<br>
> >>> >>> _______________________________________________<br>
> >>> >>> aerogear-dev mailing list<br>
> >>> >>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >>> >>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >>> >>><br>
> >>> >><br>
> >>> >><br>
> >>> >><br>
> >>> >> --<br>
> >>> >> Matthias Wessendorf<br>
> >>> >><br>
> >>> >> blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> >>> >> sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> >>> >> twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> >>> ><br>
> >>> >> _______________________________________________<br>
> >>> >> aerogear-dev mailing list<br>
> >>> >> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >>> >> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >>> ><br>
> >>> ><br>
> >>> > --<br>
> >>> ><br>
> >>> > abstractj<br>
> >>> > PGP: 0x84DC9914<br>
> >>> > _______________________________________________<br>
> >>> > aerogear-dev mailing list<br>
> >>> > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >>> > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >>><br>
> >>><br>
> >>> _______________________________________________<br>
> >>> aerogear-dev mailing list<br>
> >>> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >>> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >>><br>
> >><br>
> >><br>
> >> _______________________________________________<br>
> >> aerogear-dev mailing list<br>
> >> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> >> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> >><br>
> ><br>
> ><br>
> ><br>
> > --<br>
> > Matthias Wessendorf<br>
> ><br>
> > blog: <a href="http://matthiaswessendorf.wordpress.com/" target="_blank">http://matthiaswessendorf.wordpress.com/</a><br>
> > sessions: <a href="http://www.slideshare.net/mwessendorf" target="_blank">http://www.slideshare.net/mwessendorf</a><br>
> > twitter: <a href="http://twitter.com/mwessendorf" target="_blank">http://twitter.com/mwessendorf</a><br>
> ><br>
> > _______________________________________________<br>
> > aerogear-dev mailing list<br>
> > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> ><br>
<br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote></div><br></div></div>