[aerogear-dev] Modularizing the Android Library
Matthias Wessendorf
matzew at apache.org
Wed Jul 30 09:40:07 EDT 2014
FYI,
here is a JIRA that passos created for those repos:
https://issues.jboss.org/browse/AEROGEAR-1479
-M
On Mon, Jul 28, 2014 at 4:23 PM, Corinne Krych <corinnekrych at gmail.com>
wrote:
> @abstractj @summers what about being more specific and naming
> ag-android-authz as ag-android-oauth2? This will be without confusion.
> For now we only implement oauth2. If we need oauth1a impl we can have a
> separate module. wdyt?
> This is the way i’d like to go for iOS lib.
>
> With Oauth2 you do need authentication but as it’s taken care of by the
> oauth2 provider, client side lib does not need a “login” method, this
> indeed why we need auth module is different to authz one.
>
> ++
> Corinne
>
> On 28 Jul 2014, at 16:09, Bruno Oliveira <bruno at abstractj.org> wrote:
>
> > Answers inline.
> >
> > On 2014-07-28, Summers Pittman wrote:
> >> On 07/25/2014 03:01 PM, Bruno Oliveira wrote:
> >>> On 2014-07-25, Lucas Holmquist wrote:
> >>>> On Jul 25, 2014, at 1:25 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
> >>>>
> >>>>> On 2014-07-25, Lucas Holmquist wrote:
> >>>>>> On Jul 25, 2014, at 1:16 PM, Bruno Oliveira <bruno at abstractj.org>
> wrote:
> >>>>>>
> >>>>>>> On 2014-07-25, Summers Pittman wrote:
> >>>>>>>> On 07/22/2014 11:06 AM, Bruno Oliveira wrote:
> >>>>>>>>> Passos, what does aerogear-android-security stands for? Do we
> really
> >>>>>>>>> need the authz module? My question is due to the fact that
> mostly it
> >>>>>>>>> will be together with auth module, but I could be wrong.
> >>>>>>>> You are wrong :)
> >>>>>>> Do you have authorization without authentication? Or
> authentication with
> >>>>>>> no authorization?
> >>>>>> We have this in our JS lib, the Authenitcation module, just does
> the login/logout/enroll
> >>>>>>
> >>>>>> and the Authz module doesn’t rely on it, but connects to 3rd party
> OAuth2( the current adapter ) providers
> >>>>> If it connects using a Token from a 3rd party service, is because
> it's based on some credential. So,
> >>>>> I assume that you have authentication AND authorization, there's no
> magic ;)
> >>>>>
> >>>>> Either way, name it to whatever you guys think is the best.
> >>>> yea, the names can be confusing here :). we should rename to
> “CoolSuperAwesomeThing” and “bob” :)
> >>> As long as you do at your own repository, I'm ok. Meanwhile let's not
> >>> mix the concept of OAuth2 with authorization only.
> >> OAuth2 is an implementation of Authorization. We have Jira's for
> >> OAuth1a, alternate work flows etc.
> >
> > Summers, there's no authorization without authentication before. Even
> > with OAuth2 the client make use of the Bearer authentication scheme for
> > example.
> >
> > If you assume that OAuth2 is authorization only, would be the same of
> > assume that once my application is authorized on Twitter, I should be
> able
> > to access many profiles as I want.
> >
> > Even if IETF says "The OAuth 2.0 Authorization Framework: Bearer Token
> > Usage".
> >
> >>
> >> A better way to think about it would be the auth module is user visible
> >> credential authentication and authorization. The authz module is third
> >> party authentication and authorization.a
> >
> > authz into any security context stands for "authorization", if you mix
> > both concepts here, people will get confused.
> >
> >>
> >> A while ago we did discuss revisiting authz/auth and see if they can be
> >> meaningfully merged. This may be something for a different thread. As
> >> it stands they don't make sense to be in the same module because they
> >> work differently for different use cases.
> >
> > As I said, I trust in your judgment, but mix concepts will lead to
> > confusion.
> >
> >>
> >>>
> >>>>>>
> >>>>>>>> In general
> >>>>>>>>
> >>>>>>>> Auth module consumes a username and password and manages a
> session.
> >>>>>>>> Authz fetches and consumers tokens and manages them through a
> >>>>>>>> android.app.Service service.
> >>>>>>>>> On 2014-07-22, Daniel Passos wrote:
> >>>>>>>>>> Hey Guys,
> >>>>>>>>>>
> >>>>>>>>>> Summers and I started working on agdroid modules and remove
> some cyclic
> >>>>>>>>>> dependencies. So we plan to split the agdroid on these modules:
> >>>>>>>>>>
> >>>>>>>>>> - aerogear-android-core
> >>>>>>>>>> - aerogear-android-pipe
> >>>>>>>>>> - aerogear-android-auth
> >>>>>>>>>> - aerogear-android-autz
> >>>>>>>>>> - aerogear-android-store (with option security dependecy to
> use
> >>>>>>>>>> EncryptedStores)
> >>>>>>>>>> - aerogear-android-security
> >>>>>>>>>> - aerogear-android-push
> >>>>>>>>>> - aerogear-android-push-ups
> >>>>>>>>>> - aerogear-android-offline
> >>>>>>>>>>
> >>>>>>>>>> -- Passos
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On Fri, May 9, 2014 at 3:55 AM, Corinne Krych <
> corinnekrych at gmail.com>
> >>>>>>>>>> wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Oops
> >>>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-187
> >>>>>>>>>>>
> >>>>>>>>>>> On 09 May 2014, at 08:52, Corinne Krych <
> corinnekrych at gmail.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>> [2] https://issues.jboss.org/browse/AGIOS-192
> >>>>>>>>>>> _______________________________________________
> >>>>>>>>>>> aerogear-dev mailing list
> >>>>>>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>>>>>>
> >>>>>>>>>> _______________________________________________
> >>>>>>>>>> aerogear-dev mailing list
> >>>>>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>>>> --
> >>>>>>>>>
> >>>>>>>>> abstractj
> >>>>>>>>> PGP: 0x84DC9914
> >>>>>>>>> _______________________________________________
> >>>>>>>>> aerogear-dev mailing list
> >>>>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Summers Pittman
> >>>>>>>>>> Phone:404 941 4698
> >>>>>>>>>> Java is my crack.
> >>>>>>>> _______________________________________________
> >>>>>>>> aerogear-dev mailing list
> >>>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>>> --
> >>>>>>>
> >>>>>>> abstractj
> >>>>>>> PGP: 0x84DC9914
> >>>>>>> _______________________________________________
> >>>>>>> aerogear-dev mailing list
> >>>>>>> aerogear-dev at lists.jboss.org
> >>>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>> _______________________________________________
> >>>>>> aerogear-dev mailing list
> >>>>>> aerogear-dev at lists.jboss.org
> >>>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>>>
> >>>>> --
> >>>>>
> >>>>> abstractj
> >>>>> PGP: 0x84DC9914
> >>>>> _______________________________________________
> >>>>> aerogear-dev mailing list
> >>>>> aerogear-dev at lists.jboss.org
> >>>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>> _______________________________________________
> >>>> aerogear-dev mailing list
> >>>> aerogear-dev at lists.jboss.org
> >>>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>>
> >>> --
> >>>
> >>> abstractj
> >>> PGP: 0x84DC9914
> >>> _______________________________________________
> >>> aerogear-dev mailing list
> >>> aerogear-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >>
> >>
> >> --
> >> Summers Pittman
> >>>> Phone:404 941 4698
> >>>> Java is my crack.
> >>
> >> _______________________________________________
> >> aerogear-dev mailing list
> >> aerogear-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/aerogear-dev
> >
> > --
> >
> > abstractj
> > PGP: 0x84DC9914
> > _______________________________________________
> > aerogear-dev mailing list
> > aerogear-dev at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
>
> _______________________________________________
> aerogear-dev mailing list
> aerogear-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/aerogear-dev
>
--
Matthias Wessendorf
blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/aerogear-dev/attachments/20140730/b571dfaf/attachment.html
More information about the aerogear-dev
mailing list