FYI,here is a JIRA that passos created for those repos:On Mon, Jul 28, 2014 at 4:23 PM, Corinne Krych <corinnekrych@gmail.com> wrote:@abstractj @summers what about being more specific and naming ag-android-authz as ag-android-oauth2? This will be without confusion.
For now we only implement oauth2. If we need oauth1a impl we can have a separate module. wdyt?
This is the way i’d like to go for iOS lib.
With Oauth2 you do need authentication but as it’s taken care of by the oauth2 provider, client side lib does not need a “login” method, this indeed why we need auth module is different to authz one.
++
Corinne
On 28 Jul 2014, at 16:09, Bruno Oliveira <bruno@abstractj.org> wrote:
> Answers inline.
>
> On 2014-07-28, Summers Pittman wrote:
>> On 07/25/2014 03:01 PM, Bruno Oliveira wrote:
>>> On 2014-07-25, Lucas Holmquist wrote:
>>>> On Jul 25, 2014, at 1:25 PM, Bruno Oliveira <bruno@abstractj.org> wrote:
>>>>
>>>>> On 2014-07-25, Lucas Holmquist wrote:
>>>>>> On Jul 25, 2014, at 1:16 PM, Bruno Oliveira <bruno@abstractj.org> wrote:
>>>>>>
>>>>>>> On 2014-07-25, Summers Pittman wrote:
>>>>>>>> On 07/22/2014 11:06 AM, Bruno Oliveira wrote:
>>>>>>>>> Passos, what does aerogear-android-security stands for? Do we really
>>>>>>>>> need the authz module? My question is due to the fact that mostly it
>>>>>>>>> will be together with auth module, but I could be wrong.
>>>>>>>> You are wrong :)
>>>>>>> Do you have authorization without authentication? Or authentication with
>>>>>>> no authorization?
>>>>>> We have this in our JS lib, the Authenitcation module, just does the login/logout/enroll
>>>>>>
>>>>>> and the Authz module doesn’t rely on it, but connects to 3rd party OAuth2( the current adapter ) providers
>>>>> If it connects using a Token from a 3rd party service, is because it's based on some credential. So,
>>>>> I assume that you have authentication AND authorization, there's no magic ;)
>>>>>
>>>>> Either way, name it to whatever you guys think is the best.
>>>> yea, the names can be confusing here :). we should rename to “CoolSuperAwesomeThing” and “bob” :)
>>> As long as you do at your own repository, I'm ok. Meanwhile let's not
>>> mix the concept of OAuth2 with authorization only.
>> OAuth2 is an implementation of Authorization. We have Jira's for
>> OAuth1a, alternate work flows etc.
>
> Summers, there's no authorization without authentication before. Even
> with OAuth2 the client make use of the Bearer authentication scheme for
> example.
>
> If you assume that OAuth2 is authorization only, would be the same of
> assume that once my application is authorized on Twitter, I should be able
> to access many profiles as I want.
>
> Even if IETF says "The OAuth 2.0 Authorization Framework: Bearer Token
> Usage".
>
>>
>> A better way to think about it would be the auth module is user visible
>> credential authentication and authorization. The authz module is third
>> party authentication and authorization.a
>
> authz into any security context stands for "authorization", if you mix
> both concepts here, people will get confused.
>
>>
>> A while ago we did discuss revisiting authz/auth and see if they can be
>> meaningfully merged. This may be something for a different thread. As
>> it stands they don't make sense to be in the same module because they
>> work differently for different use cases.
>
> As I said, I trust in your judgment, but mix concepts will lead to
> confusion.
>
>>
>>>
>>>>>>
>>>>>>>> In general
>>>>>>>>
>>>>>>>> Auth module consumes a username and password and manages a session.
>>>>>>>> Authz fetches and consumers tokens and manages them through a
>>>>>>>> android.app.Service service.
>>>>>>>>> On 2014-07-22, Daniel Passos wrote:
>>>>>>>>>> Hey Guys,
>>>>>>>>>>
>>>>>>>>>> Summers and I started working on agdroid modules and remove some cyclic
>>>>>>>>>> dependencies. So we plan to split the agdroid on these modules:
>>>>>>>>>>
>>>>>>>>>> - aerogear-android-core
>>>>>>>>>> - aerogear-android-pipe
>>>>>>>>>> - aerogear-android-auth
>>>>>>>>>> - aerogear-android-autz
>>>>>>>>>> - aerogear-android-store (with option security dependecy to use
>>>>>>>>>> EncryptedStores)
>>>>>>>>>> - aerogear-android-security
>>>>>>>>>> - aerogear-android-push
>>>>>>>>>> - aerogear-android-push-ups
>>>>>>>>>> - aerogear-android-offline
>>>>>>>>>>
>>>>>>>>>> -- Passos
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Fri, May 9, 2014 at 3:55 AM, Corinne Krych <corinnekrych@gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Oops
>>>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-187
>>>>>>>>>>>
>>>>>>>>>>> On 09 May 2014, at 08:52, Corinne Krych <corinnekrych@gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-192
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> aerogear-dev mailing list
>>>>>>>>>>> aerogear-dev@lists.jboss.org
>>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> aerogear-dev mailing list
>>>>>>>>>> aerogear-dev@lists.jboss.org
>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> abstractj
>>>>>>>>> PGP: 0x84DC9914
>>>>>>>>> _______________________________________________
>>>>>>>>> aerogear-dev mailing list
>>>>>>>>> aerogear-dev@lists.jboss.org
>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>>>
>>>>>>>> --
>>>>>>>> Summers Pittman
>>>>>>>>>> Phone:404 941 4698
>>>>>>>>>> Java is my crack.
>>>>>>>> _______________________________________________
>>>>>>>> aerogear-dev mailing list
>>>>>>>> aerogear-dev@lists.jboss.org
>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>>> --
>>>>>>>
>>>>>>> abstractj
>>>>>>> PGP: 0x84DC9914
>>>>>>> _______________________________________________
>>>>>>> aerogear-dev mailing list
>>>>>>> aerogear-dev@lists.jboss.org
>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>> _______________________________________________
>>>>>> aerogear-dev mailing list
>>>>>> aerogear-dev@lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>>>
>>>>> --
>>>>>
>>>>> abstractj
>>>>> PGP: 0x84DC9914
>>>>> _______________________________________________
>>>>> aerogear-dev mailing list
>>>>> aerogear-dev@lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>> _______________________________________________
>>>> aerogear-dev mailing list
>>>> aerogear-dev@lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>>
>>> --
>>>
>>> abstractj
>>> PGP: 0x84DC9914
>>> _______________________________________________
>>> aerogear-dev mailing list
>>> aerogear-dev@lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>>
>>
>> --
>> Summers Pittman
>>>> Phone:404 941 4698
>>>> Java is my crack.
>>
>> _______________________________________________
>> aerogear-dev mailing list
>> aerogear-dev@lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
> --
>
> abstractj
> PGP: 0x84DC9914
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
_______________________________________________
aerogear-dev mailing list
aerogear-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/aerogear-dev--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf