<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Nov 12, 2014 at 8:01 AM, Bruno Oliveira <span dir="ltr"><<a href="mailto:bruno@abstractj.org" target="_blank">bruno@abstractj.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Not against JSON, but maybe worth to take a look at <a href="http://msgpack.org/" target="_blank">http://msgpack.org/</a></blockquote><div>hum interesting as well, indeed worth a look </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<span class=""><br>
On 2014-11-11, Lukáš Fryč wrote:<br>
> On Tue, Nov 11, 2014 at 2:12 PM, Sebastien Blanc <<a href="mailto:scm.blanc@gmail.com">scm.blanc@gmail.com</a>><br>
> wrote:<br>
><br>
> > Hi,<br>
> ><br>
> > I would like to start a discussion around the import/export of<br>
> > installations in UPS. To track all the tasks, we have a ticket[1] also<br>
> > containing some sub-tasks.<br>
</span>> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#scope" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#scope</a>>Scope<br>
<span class="">> ><br>
> > For now we stick to installations, meanning we can import or export<br>
> > installations from a particular Variant. Import/Export for Variants will<br>
> > maybe come later but due to some security issues (mainly for iOS<br>
> > cert/passphrase) it's on hold.<br>
> ><br>
</span>> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#import-service" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#import-service</a>>Import<br>
<span class="">> > Service<br>
> ><br>
> > That's an easy one ;) since the service already exist [2]. It's a REST<br>
> > service and it uses the VariantId/Secret combination to authenticate.<br>
> ><br>
> > Data format looks like :<br>
> ><br>
> > [<br>
> > {<br>
> > "deviceToken" : "someTokenString",<br>
> > "deviceType" : "iPad",<br>
> > "operatingSystem" : "iOS",<br>
> > "osVersion" : "6.1.2",<br>
> > "alias" : "someUsername or email adress...",<br>
> > "categories" : ["football", "sport"]<br>
> > },<br>
> > {<br>
> > "deviceToken" : "someOtherTokenString",<br>
> > ...<br>
> > },<br>
> > ...<br>
> > ]<br>
> ><br>
> ><br>
</span>> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#export-service" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#export-service</a>>Export<br>
<span class="">> > Service<br>
> ><br>
> > Like import, it will use the variantId/secret combo to authenticate and<br>
> > retrieve the right variant to export the installations. The data structure<br>
> > format would of course looks like the one used for import.<br>
</span>> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#output-format" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#output-format</a>>Output<br>
<span class="">> > format<br>
> ><br>
> > How should provide the exported data ? I need your input here 1. Raw Json<br>
> > ? 2. Json file ? 3. Zip / tarball ?<br>
> ><br>
><br>
> Gzipped json file download sounds as easily accessible for browsers.<br>
><br>
</span>> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#ui" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#ui</a>>UI<br>
> ><br>
> > UI should be a *nice to have*<br>
<span class="">> ><br>
> > I would suggest to add 2 items (import and export) in the contextual menu<br>
> > that you can see in this screenshot :<br>
> ><br>
> ><br>
</span>> > <<a href="https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67" target="_blank">https://camo.githubusercontent.com/94f19f69e50a217e89363aefe52912c9b33f6355/687474703a2f2f7331352e706f7374696d672e6f72672f6779626b72737a73622f696d706f72746578706f72742e706e67</a>><br>
<span class="">> ><br>
> > For import, the user will have a file input and feedback on how many<br>
> > installations were imported. For export, the user just have to press an<br>
> > export button<br>
> ><br>
><br>
> +1 sounds good, we just need to decide whether block the user when<br>
> uploading / downloading<br>
><br>
> I guess:<br>
><br>
> a) downloading - do not block UI, downloading is a separate activity<br>
> b) uploading - block the UI, offer progress and error indication and<br>
> ability to cancel the process (transactional? - cancelling means no<br>
> installation is imported?)<br>
><br>
><br>
> ><br>
</span>> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#migration-issues" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#migration-issues</a>>Migration<br>
<span class="">> > issues<br>
> ><br>
> > So, that is a very important point that I would like to discuss. Even if<br>
</span>> > we are able to import installations, the *variantID_ and the<br>
> > __variantSecret* will not match with those that are in the Clients.<br>
<span class="">> ><br>
> > Imagine the following scenario : I export 15000 installations, my<br>
> > datacenter burns, I create a new UPS instance, with a new Push App and a<br>
> > new Variant (so new VariantID and VariantSecret), then I inport the<br>
> > installations. Well, my 15000 clients will point to the wrong variant. For<br>
> > sure, they can be updated but that might not always be an option.<br>
> ><br>
</span>> > That is why I would like suggest the following change : Make *VariantId*<br>
> > and *VariantSecret* editable, so after someone has done an import he can<br>
<span class="">> > change the values of the variants so it matches the clients.<br>
> ><br>
> > I know we had this discussion before, but in the future we might want to<br>
> > change the naming around VariantId and VariantSecret, to me it sounds more<br>
</span>> > like *variantAPIKey* / *variantAPISecret*<br>
> ><br>
> > wdyt ?<br>
> > <<a href="https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#security" target="_blank">https://gist.github.com/sebastienblanc/b863b80380f8ed16ad7b#security</a>><br>
<span class="">> > Security<br>
> ><br>
> > As said before, import/export uses variantId/variantSecret to<br>
> > authenticate. So if someone has access to these keys he could make a<br>
> > malicious import of 500k installations. What should we do for that ? We<br>
> > could give this access only to authenticated "console" users but then it<br>
> > would be hard to expose import/export as rest service (because of KC<br>
> > implication)<br>
> ><br>
> > Please comment, ask questions , be crazy ...<br>
> ><br>
> > Sebi<br>
> ><br>
> > [1] <a href="https://issues.jboss.org/browse/AGPUSH-978" target="_blank">https://issues.jboss.org/browse/AGPUSH-978</a><br>
> ><br>
> > [2]<br>
> > <a href="http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html" target="_blank">http://aerogear.org/docs/specs/aerogear-unifiedpush-rest/registry/device/importer/index.html</a><br>
> ><br>
> > _______________________________________________<br>
> > aerogear-dev mailing list<br>
> > <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> > <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
> ><br>
<br>
> _______________________________________________<br>
> aerogear-dev mailing list<br>
> <a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a><br>
<br>
<br>
</span>--<br>
<br>
abstractj<br>
PGP: 0x84DC9914<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
aerogear-dev mailing list<br>
<a href="mailto:aerogear-dev@lists.jboss.org">aerogear-dev@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/aerogear-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/aerogear-dev</a></div></div></blockquote></div><br></div></div>