[aerogear-dev] Modularizing the Android Library

Bruno Oliveira bruno at abstractj.org
Mon Jul 28 10:09:55 EDT 2014 

Answers inline.

On 2014-07-28, Summers Pittman wrote:
> On 07/25/2014 03:01 PM, Bruno Oliveira wrote:
> > On 2014-07-25, Lucas Holmquist wrote:
> >> On Jul 25, 2014, at 1:25 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >>
> >>> On 2014-07-25, Lucas Holmquist wrote:
> >>>> On Jul 25, 2014, at 1:16 PM, Bruno Oliveira <bruno at abstractj.org> wrote:
> >>>>
> >>>>> On 2014-07-25, Summers Pittman wrote:
> >>>>>> On 07/22/2014 11:06 AM, Bruno Oliveira wrote:
> >>>>>>> Passos, what does aerogear-android-security stands for? Do we really
> >>>>>>> need the authz module? My question is due to the fact that mostly it
> >>>>>>> will be together with auth module, but I could be wrong.
> >>>>>> You are wrong :)
> >>>>> Do you have authorization without authentication? Or authentication with
> >>>>> no authorization?
> >>>> We have this in our JS lib,   the Authenitcation module, just does the login/logout/enroll
> >>>>
> >>>> and the Authz module doesn’t rely on it, but connects to 3rd party OAuth2( the current adapter ) providers
> >>> If it connects using a Token from a 3rd party service, is because it's based on some credential. So,
> >>> I assume that you have authentication AND authorization, there's no magic ;)
> >>>
> >>> Either way, name it to whatever you guys think is the best.
> >> yea,  the names can be confusing here :).  we should rename to “CoolSuperAwesomeThing” and “bob”  :)
> > As long as you do at your own repository, I'm ok. Meanwhile let's not
> > mix the concept of OAuth2 with authorization only.
> OAuth2 is an implementation of Authorization.  We have Jira's for
> OAuth1a, alternate work flows etc.

Summers, there's no authorization without authentication before. Even
with OAuth2 the client make use of the Bearer authentication scheme for
example.

If you assume that OAuth2 is authorization only, would be the same of
assume that once my application is authorized on Twitter, I should be able
to access many profiles as I want.

Even if IETF says "The OAuth 2.0 Authorization Framework: Bearer Token
Usage".

>
> A better way to think about it would be the auth module is user visible
> credential authentication and authorization.  The authz module is third
> party authentication and authorization.a

authz into any security context stands for "authorization", if you mix
both concepts here, people will get confused.

>
> A while ago we did discuss revisiting authz/auth and see if they can be
> meaningfully merged.  This may be something for a different thread.  As
> it stands they don't make sense to be in the same module because they
> work differently for different use cases.

As I said, I trust in your judgment, but mix concepts will lead to
confusion.

>
> >
> >>>>
> >>>>>> In general
> >>>>>>
> >>>>>> Auth module consumes a username and password and manages a session.
> >>>>>> Authz fetches and consumers tokens and manages them through a
> >>>>>> android.app.Service service.
> >>>>>>> On 2014-07-22, Daniel Passos wrote:
> >>>>>>>> Hey Guys,
> >>>>>>>>
> >>>>>>>> Summers and I started working on agdroid modules and remove some cyclic
> >>>>>>>> dependencies. So we plan to split the agdroid on these modules:
> >>>>>>>>
> >>>>>>>>    - aerogear-android-core
> >>>>>>>>    - aerogear-android-pipe
> >>>>>>>>    - aerogear-android-auth
> >>>>>>>>    - aerogear-android-autz
> >>>>>>>>    - aerogear-android-store (with option security dependecy to use
> >>>>>>>>    EncryptedStores)
> >>>>>>>>    - aerogear-android-security
> >>>>>>>>    - aerogear-android-push
> >>>>>>>>    - aerogear-android-push-ups
> >>>>>>>>    - aerogear-android-offline
> >>>>>>>>
> >>>>>>>> -- Passos
> >>>>>>>> ​
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On Fri, May 9, 2014 at 3:55 AM, Corinne Krych <corinnekrych at gmail.com>
> >>>>>>>> wrote:
> >>>>>>>>
> >>>>>>>>> Oops
> >>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-187
> >>>>>>>>>
> >>>>>>>>> On 09 May 2014, at 08:52, Corinne Krych <corinnekrych at gmail.com> wrote:
> >>>>>>>>>
> >>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-192
> >>>>>>>>> _______________________________________________
> >>>>>>>>> aerogear-dev mailing list
> >>>>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> aerogear-dev mailing list
> >>>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>> --
> >>>>>>>
> >>>>>>> abstractj
> >>>>>>> PGP: 0x84DC9914
> >>>>>>> _______________________________________________
> >>>>>>> aerogear-dev mailing list
> >>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>
> >>>>>> --
> >>>>>> Summers Pittman
> >>>>>>>> Phone:404 941 4698
> >>>>>>>> Java is my crack.
> >>>>>> _______________________________________________
> >>>>>> aerogear-dev mailing list
> >>>>>> aerogear-dev at lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>> --
> >>>>>
> >>>>> abstractj
> >>>>> PGP: 0x84DC9914
> >>>>> _______________________________________________
> >>>>> aerogear-dev mailing list
> >>>>> aerogear-dev at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>> _______________________________________________
> >>>> aerogear-dev mailing list
> >>>> aerogear-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>> --
> >>>
> >>> abstractj
> >>> PGP: 0x84DC9914
> >>> _______________________________________________
> >>> aerogear-dev mailing list
> >>> aerogear-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> --
> Summers Pittman
> >>Phone:404 941 4698
> >>Java is my crack.
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev

--

abstractj
PGP: 0x84DC9914

More information about the aerogear-dev mailing list