Hello,
Some questions on the AeroGear OTP flows:
* In scenario 1, during registration, the server generates the secret and does OTP
validation. I was wondering what data is being sent to the server? Asking since I didn't
see "Generate OTP" on the client side in the picture.
* Are we recommending developers to use TOTP or HOTP or both?
* How does this approach compare to Google's application-specific passwords, where OTP
generation takes place outside the app?
This looks like great stuff!
Thanks!
Deepali.
On Nov 29, 2012, at 11:22 AM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Morning everyone, just to let you guys know that the security roadmap
was finally updated. Feel free to add comments/suggestions on github.
https://github.com/aerogear/aerogear.org/pull/15
--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile
_______________________________________________
aerogear-dev mailing list
aerogear-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev