@abstractj @summers what about being more specific and naming ag-android-authz as ag-android-oauth2? This will be without confusion.
For now we only implement OAuth2. If we need an OAuth1a impl we can have a separate module.
wdyt?
This is the way I’d like to go for the iOS lib.
With OAuth2 you do need authentication, but as it’s taken care of by the OAuth2 provider, the client side lib does not need a “login” method; this is indeed why we need the auth module to be different to the authz one.
++
Corinne
On 28 Jul 2014, at 16:09, Bruno Oliveira <bruno(a)abstractj.org> wrote:
Answers inline.
On 2014-07-28, Summers Pittman wrote:
> On 07/25/2014 03:01 PM, Bruno Oliveira wrote:
>> On 2014-07-25, Lucas Holmquist wrote:
>>> On Jul 25, 2014, at 1:25 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>>
>>>> On 2014-07-25, Lucas Holmquist wrote:
>>>>> On Jul 25, 2014, at 1:16 PM, Bruno Oliveira <bruno(a)abstractj.org> wrote:
>>>>>
>>>>>> On 2014-07-25, Summers Pittman wrote:
>>>>>>> On 07/22/2014 11:06 AM, Bruno Oliveira wrote:
>>>>>>>> Passos, what does aerogear-android-security stand for? Do we really
>>>>>>>> need the authz module? My question is due to the fact that mostly it
>>>>>>>> will be together with auth module, but I could be wrong.
>>>>>>> You are wrong :)
>>>>>> Do you have authorization without authentication? Or authentication with
>>>>>> no authorization?
>>>>> We have this in our JS lib, the Authentication module, just does the login/logout/enroll
>>>>>
>>>>> and the Authz module doesn’t rely on it, but connects to 3rd party OAuth2 (the current adapter) providers
>>>> If it connects using a Token from a 3rd party service, is because it's based on some credential. So,
>>>> I assume that you have authentication AND authorization, there's no magic ;)
>>>>
>>>> Either way, name it to whatever you guys think is the best.
>>> yea, the names can be confusing here :). we should rename to “CoolSuperAwesomeThing” and “bob” :)
>> As long as you do at your own repository, I'm ok. Meanwhile let's not
>> mix the concept of OAuth2 with authorization only.
> OAuth2 is an implementation of Authorization. We have Jira's for
> OAuth1a, alternate work flows etc.
Summers, there's no authorization without authentication before. Even
with OAuth2 the client makes use of the Bearer authentication scheme for
example.
If you assume that OAuth2 is authorization only, it would be the same as
assuming that once my application is authorized on Twitter, I should be able
to access as many profiles as I want.
Even if IETF says "The OAuth 2.0 Authorization Framework: Bearer Token
Usage".
>
> A better way to think about it would be the auth module is user visible
> credential authentication and authorization. The authz module is third
> party authentication and authorization.
authz in any security context stands for "authorization", if you mix
both concepts here, people will get confused.
>
> A while ago we did discuss revisiting authz/auth and see if they can be
> meaningfully merged. This may be something for a different thread. As
> it stands they don't make sense to be in the same module because they
> work differently for different use cases.
As I said, I trust in your judgment, but mixing concepts will lead to
confusion.
>
>>
>>>>>
>>>>>>> In general
>>>>>>>
>>>>>>> Auth module consumes a username and password and manages a session.
>>>>>>> Authz fetches and consumes tokens and manages them through an
>>>>>>> android.app.Service service.
>>>>>>>> On 2014-07-22, Daniel Passos wrote:
>>>>>>>>> Hey Guys,
>>>>>>>>>
>>>>>>>>> Summers and I started working on agdroid modules and removing some cyclic
>>>>>>>>> dependencies. So we plan to split the agdroid on these modules:
>>>>>>>>>
>>>>>>>>> - aerogear-android-core
>>>>>>>>> - aerogear-android-pipe
>>>>>>>>> - aerogear-android-auth
>>>>>>>>> - aerogear-android-authz
>>>>>>>>> - aerogear-android-store (with optional security dependency to use
>>>>>>>>> EncryptedStores)
>>>>>>>>> - aerogear-android-security
>>>>>>>>> - aerogear-android-push
>>>>>>>>> - aerogear-android-push-ups
>>>>>>>>> - aerogear-android-offline
>>>>>>>>>
>>>>>>>>> -- Passos
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, May 9, 2014 at 3:55 AM, Corinne Krych <corinnekrych(a)gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Oops
>>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-187
>>>>>>>>>>
>>>>>>>>>> On 09 May 2014, at 08:52, Corinne Krych <corinnekrych(a)gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-192
>>>>>>>>>> _______________________________________________
>>>>>>>>>> aerogear-dev mailing list
>>>>>>>>>> aerogear-dev(a)lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> abstractj
>>>>>>>> PGP: 0x84DC9914
>>>>>>>
>>>>>>> --
>>>>>>> Summers Pittman
>>>>>>>>> Phone:404 941 4698
>>>>>>>>> Java is my crack.