Hi Deepali, take a look at this presentation, might help. That pic on staging wasn't updated at the aerogear.org site.
http://quantum.abstractj.org/talks/2012/aerogear/otp/index.html#/
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
On Tuesday, December 4, 2012 at 4:16 PM, Deepali Khushraj wrote:Hello,No data is sent to the server
Some questions on the aerogear OTP flows:
* In scenario 1, during registration, the server generates the secret and does OTP validation. I was wondering what data is being sent to server? Asking since, I didn't see "Generate OTP" on client-side in the picture
* Are we recommending developers to use TOTP or HOTP or both?
* How does this approach compare to Google's application-specific passwords, where OTP generation takes place outside the app?
This looks like great stuff!
Thanks!
Deepali.
On Nov 29, 2012, at 11:22 AM, Bruno Oliveira <bruno@abstractj.org (mailto:bruno@abstractj.org)> wrote:Morning everyone, just to let you guys know that the security roadmap was finally updated. Feel free to add comments/suggestions on github.
https://github.com/aerogear/aerogear.org/pull/15
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org (mailto:aerogear-dev@lists.jboss.org)
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org (mailto:aerogear-dev@lists.jboss.org)
https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev