[aerogear-dev] AGSEC - Component planning

[Bruno Oliveira]

Good morning all.

Today most of the tasks related with security on AeroGear 
(https://issues.jboss.org/browse/AEROGEAR) were moved to 
https://issues.jboss.org/browse/AGSEC.

How to properly file jiras?

Once security is a cross-cutting concern affecting most part of the 
projects on AeroGear, people might get confused about how to file a JIRA 
for security.

So here comes my recommendation:

- Issues related with specific projects like JS, Android and iOS should 
be created into the respective jiras: AGJS, AGDROID and AGIOS. (is my 
suggestion only)

- If the issue is something that abstractj|slacker should definitely 
take a look or should work on it, please, create a link into AGSEC. For 
example: https://issues.jboss.org/browse/AGSEC-28

Here is the list of planned components for the AGSEC project in JIRA:

- examples: demos, example of usage, snippets
- docs: documentation about how to make use of security libraries, blog 
posts, updates on aerogear.org
- CI: updates on CI like new jobs to be created or improvements
- OTP: TOTP & HOTP components which affects the server, iOS, Android and JS
- crypto: implementations of cryptographic algorithms to support 
server/client side
- security-*: aerogear-security, aerogear-security-picketlink and 
aerogear-security-shiro.
- social: Twitter, Facebook, Google (any social networks to share your 
password with friends)
- auth: authentication methods to be provided (Basic, Digest, LDAP, 
OAuth2, Hawk, Mozilla Persona, Two-factor)
- authZ: authorization methods to be implemented or supported.
- storage: issues and features related with encrypted storage
- cache: issues and features related with encrypted cache

Please let me know wdyt. Once it will affect the whole project, feedback 
is important.