Hi Bruno,

while was doing some JIRA "work" :) as well, I felt like entering these items to our AGSEC instance:

https://issues.jboss.org/browse/AGSEC-50
https://issues.jboss.org/browse/AGSEC-51
https://issues.jboss.org/browse/AGSEC-52
https://issues.jboss.org/browse/AGSEC-53
https://issues.jboss.org/browse/AGSEC-54

Perhaps they will need to be converted into "sub-task" of other, related, tickets, but I felt like: "Better hammer them in, instead of forgetting".

Greetings,
Matthias




On Thu, May 23, 2013 at 11:32 PM, Bruno Oliveira <bruno@abstractj.org> wrote:
Mahalo, here comes my proposal to AGSEC roadmap. Disclaimer: some tasks
are related with JS, iOS and Android. I don't want to push tasks to the
other teams, so feel free to assign to me as needed.

Again, feedback is more than welcome.

Gist: https://gist.github.com/abstractj/b50cee4eb8163ccf4c26

# AeroGear Security - Roadmap

## 1.0.1

* Bug fixes on examples and updates on AeroGear Security

* AGSEC-16: Support for multiple roles for AerogearUser (TBD with sblanc)

* AGSEC-29: Documentation with the overview and description on AeroGear
Security

* AGSEC-36: Add a method to retrieve all registered users on the
AuthenticationManager interface (TBD with sblanc)

* AGSEC-36: Add CRUD methods for AerogearUser

* Initial support for OTP on JS

## 1.1.0 (Mid June)

* AGSEC-13: Add HTTP basic authentication support to the client side

     * AGDROID-27 Add HTTP basic authentication support on AeroGear
Android (done by summers)

     * AGIOS-4 Add HTTP basic authentication support on AeroGear iOS
(christos is on it)

     * AGJS-18 Add HTTP basic authentication support on AeroGear.js (I
can help on it, I'm just following the JS roadmap)

* AGSEC-18: Add session management support

* AGSEC-27: Provide a detailed specification and which kind of
authentication schemes will be supported

* AGSEC-28: HOTP support

     * AGDROID-30: Add HOTP support to aerogear-otp-java

     * AGIOS-1: Add HOTP support to aerogear-otp-ios

* AGSEC-30: Unified Push (Add Client Access Key)

* AGSEC-31: Evaluate non repudiation for each application on the server

* AGSEC-34: Unified Push: Sec: Add Security Framework to PushEE

* AGSEC-48: Add Apache Shiro support on AeroGear Security


## 1.2.0 (Mid August)

* AGSEC-6:      Encryption for mobile devices

     * AGDROID-34 Implementation and API usage for android crypto

     * AGIOS-3 Implementation and API usage for iOS crypto

* AGSEC-15: Add HTTP digest authentication support to the client side

     * AGDROID-10 Add HTTP digest authentication support on AeroGear
Android  (Summers)


     * AGIOS-5 Add HTTP digest authentication support on AeroGear iOS
(Christos)

     * AGIOS-6 Provide a parameter on iOS to enable/disable the usage
of cookies       (abstractj)

     * AGJS-23 Add HTTP digest authentication support on AeroGear.js

* AGSEC-26: Authentication schemes for mobile devices

* AGSEC-49: Add Hawk support on AeroGear Security



## 1.3.0 (Mid October)

* AGSEC-2: Secure storage and cache

     * AGSEC-7: Provide a detailed specification about how it should work

* AGSEC-3: Url and Forms that perform important operations must be
protected by random tokens (hidden nonce values)

* AGSEC-4: Authentication of RESTful requests per transactions must be
provided as alternative on AeroGear Security

* AGSEC-14: HTTP signed requests

* AGSEC-17: Mobile devices blacklist support


## 1.4.0 (Mid January)

* AGSEC-12: Offline authentication

* AGSEC-25: Include rate-limit to incoming requests from the same origin


## 2.0.0

* AGSEC-5: Social login

     * AGSEC-8: Provide a detailed specification about which methods
will be supported

* AGSEC-19: Security & privacy policy (geo, user, misc data)

* Biometric authentication (TBD)




_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev



--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf