Re: [aerogear-dev] AG Security questions
Answers inline.
Hylke Bons <mailto:hbons@redhat.com>
September 26, 2013 8:13 AM
Hey everyone,
I'm looking at http://aerogear.org/download/ and am somewhat confused.
Some questions about the Security part of AeroGear:
1. Is there a reason why OTP are separate libraries, instead of a
namespace on the existing AG libs?
Yes there is. You don't need to bring the
bits from AG Security to
Android devices like PicketLink for example. But is possible to use
aerogear-otp-java on the client (Android) and the server (JEE apps)
2. What's the difference between "Security Providers"
and "Alternative
authentication methods"?
Security Providers: PicketLink, Apache
Shiro...<your favorite security
framework here>
Alternative authentication methods: Hawk, Mozilla Persona...etc
3. Are Hawk and Java-OTP server modules?
Not really. Hawk is a
server authentication method for AGSecurity
(https://github.com/hueniverse/hawk) and aerogear-otp-java can be used
on the server/client as I mentioned.
What about iOS-OTP? That sounds
like another client lib?
Yes it is, is another client lib. Each platform must have
their own
implementation for security.
I hope I got this right, if not, please enlighten me.
I hope that helps.
Thanks,
Hylke
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev
--
abstractj
Attachments:
- signature.asc (application/pgp-signature — 495 bytes)