
Re: [Aerogear-dev] AeroGear Security - call for participation



Has there been any talk yet on what to do if the user refreshes the page? Where do you store the access token on the client side so the user doesn't have to go through the auth process again?


-Luke


On Jul 28, 2012, at 11:56 AM, "Bruno Oliveira" <bruno abstractj org> wrote:

Thank you Matthias, I did the updates with the new images and that information, please refresh the url.

Let me know if you have more questions.


--
"The measure of a man is what he does with power" - Plato
-
@abstractj
-
Volenti Nihil Difficile

On Saturday, July 28, 2012 at 11:18 AM, Matthias Wessendorf wrote:

Hey,

thanks for the quick response. Useful information;

What do you think about including parts of it into your spec/draft?
I think it makes reading a bit easier;

thx!
Matthias

On Sat, Jul 28, 2012 at 3:53 PM, Bruno Oliveira <bruno abstractj org> wrote:
Hi Matthias, thanks for your review, answers inline.

On Saturday, July 28, 2012 at 7:35 AM, Matthias Wessendorf wrote:

hi,

a few minor comments after giving it a quick shot:

1) The REST resources will be generated to provide the basics for
authentication.

==> IMO basic(s) is a bit confusing when talking about auth (e.g.
application basic...), perhaps writing 'foundation' or so?
==> what will generate the resources ?

I've been planning to provide the minimal endpoints for authentication,
aerogear-security aims to have the integration with providers like
DeltaSpike and PicketLink.

Generate means something like a forge plugin or maven plugin, something to
get rid of complex configuration files. Aerogear-security must deal with
the complexity, but not our developers, that's the idea.



2) aerogear.auth
'This attribute is optional and if not present the default REST
authentication method will be assumed.'
==> 'default REST authentication' <== what does that actually mean?

Perhaps a link to some other document,
for background info?

The endpoints provided by aerogear-security, but if you want to have an idea
about what I've been planning take a look at the external references, please
https://github.com/plataformatec/devise/


3) aerogear.auth.register
the diagram says 'signup'; perhaps using one term across
documents/diagrams does not hurt!

Indeed. I didn't get a chance to update the pictures and I assume that
people will truly understand what it means, I'll do it next week.

- Bruno


(I guess that applies to login/signin etc as well)

-M


On Sat, Jul 28, 2012 at 12:11 AM, Bruno Oliveira <bruno abstractj org> wrote:

Hi folks,

We've been discussing a lot about security on the server side this week and
I would like to hear some feedback about the document below before going
into more specific implementation details.

http://aerogear.abstractj.org/docs/AeroGearSecurity.html

Have a nice reading! :)

_______________________________________________
aerogear-dev mailing list
aerogear-dev redhat com
https://www.redhat.com/mailman/listinfo/aerogear-dev




--
Matthias Wessendorf

blog: http://matthiaswessendorf.wordpress.com/
sessions: http://www.slideshare.net/mwessendorf
twitter: http://twitter.com/mwessendorf


