<div dir="ltr">You are right, guys, with storing the messages, we are hitting the security implications that I didn't think about.<div><br></div><div>Right now they have to be handled by third-party providers, but in this case, we would need to encrypt data, pass certification, etc, that is rather a target for internal infrastructure than a cloud service.</div><div><br></div><div>We could probably come with an encryption model that would allow only given SimplePush retrieve the message, involving client's private key and version number, but question is whether that is worth the trouble and complexity.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 20, 2014 at 4:03 PM, jr conlin <span dir="ltr"><<a href="mailto:jrconlin@gmail.com" target="_blank">jrconlin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">FYI, Officially, the predecessor for SimplePush will be WebPush,<br>
<a href="https://datatracker.ietf.org/wg/webpush/charter/" target="_blank">https://datatracker.ietf.org/wg/webpush/charter/</a><br>
which runs on top of HTTP2<br>
<a href="http://http2.github.io/" target="_blank">http://http2.github.io/</a><br>
<br>
Unofficially, data is kind of a pain in the patootie, but obviously<br>
really handy to have. There are security and privacy issues a-plenty<br>
when dealing with data storage (HIPPA & subpoenas come to mind in the<br>
US.) Internally, we're kicking around the idea of allowing data, but not<br>
allowing storage, (so a device would only get data if it was actively<br>
connected. If it was offline, it would only get the version number<br>
update when it reconnected).<br>
<br>
I'm also interested in what y'all come up with.<br>
<div class="HOEnZb"><div class="h5"><br>
On 10/20/2014 4:58 AM, Lukáš Fryč wrote:<br>
> Hey guys,<br>
><br>
> I'm working on a demo of UPS pushing to iOS, Android, Windows, as well<br>
> as Firefox OS using our Cordova plugin.<br>
><br>
> But as you know, with FFOS it is not that simple - since SimplePush<br>
> protocol allows to transfer just incremental versions, we are not able<br>
> to deliver any interesting message.<br>
><br>
> UnifiedPush Server could be a correct place where we unify and shield<br>
> our users from this limitation:<br>
><br>
><br>
> my idea is storing the message on UPS under the SimplePush endpoint<br>
> URL. Once the message with version reaches the client, he would<br>
> contact UPS to retrieve this message under a key ( pushEndpoint,<br>
> version ).<br>
><br>
> The messages could have default built-in TTL to allow periodic cleanup.<br>
><br>
> What do you think?<br>
><br>
><br>
> Cheers,<br>
><br>
> ~ Lukas<br>
><br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote></div><br></div>