On Wed, Apr 10, 2013 at 8:52 AM, Bruno Oliveira <bruno@abstractj.org> wrote:
I'm still thinking about your problem (must try before). Is APP ID (+ mobile-variant ID) really necessary?

from my original point of view: yes
Somehow the app installation (on the device) needs to tell the "registration server" I am an installation of your "FOO APP";

We could use something else instead of the "internal ids" (PUSH-APP ID (+ mobile-variant ID)) - on both Android and iOS, there is something like an "app id" (think packages in Java), but it's not unique.
So there is a chance that different users of the server have an app, in the app store, that have the same ID (since picked by the developer).

 
I'm just concerned about the non-repudiation; for what you want, we could introduce the concept of zero-knowledge proof for devices (http://en.wikipedia.org/wiki/Zero-knowledge_proof).

Thanks for sharing!!! It's a pretty complex paper :) Looks like at least some sort of "interactions" are required to have the proof;
I also (for simpler understanding) read the German version of that article, which says something like: "its practical usage is rare, since the system requires lots of interaction, which is why (according to the article) practical auth-protocols are based on 'digital signatures'"
Not sure if that statement is true :)


However, I guess, requiring lots of interactions between device and server for registration of the token may be a problem. Not sure how "chatty" that would be. Perhaps I am totally wrong :)

 

I'm not saying it's easy to achieve,

:-) yeah - sounds pretty complex

 
but let me know if APP ID (+ mobile variant ID) can be replaced.


I guess it can, all we really need is the device telling the server: "Hey I belong to your BLAH app" :)

 
My suggestion is to move forward as is, until we figure out a better way to do it.


sounds like a plan! I will continue with the IDs and we can improve this later;


However, from reading, the "zero-knowledge proof" concept is an interesting thing

 

Makes sense?


Absolutely!

 


--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile



On Tuesday, April 9, 2013 at 1:20 PM, Matthias Wessendorf wrote:

>
> So...... the following information needs to be available.... so that the mobile dev. for the free iOS app can register the token with the server:
>
> APP ID (+ mobile-variant ID)





--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf