On Sunday, July 29, 2012 at 2:50 PM, Holmquist, Lucas wrote:
Has there been any talk yet on what do to if the user refreshes the page? Where do you store the access token on the client side so the user doesn't have to go though the auth process again.-LukeSent from my iPadOn Jul 28, 2012, at 11:56 AM, "Bruno Oliveira" <bruno abstractj org<mailto:bruno abstractj org>> wrote:Thank you Matthias, I did the updates with the new images and that information, please refresh the url.Let me know if you have more questions.--"The measure of a man is what he does with power" - Plato-@abstractj-Volenti Nihil DifficileOn Saturday, July 28, 2012 at 11:18 AM, Matthias Wessendorf wrote:Hey,thanks for the quick response. Useful information;What do you think about including parts of it into your spec/draft?I think it makes reading a bit easier;thx!MatthiasOn Sat, Jul 28, 2012 at 3:53 PM, Bruno Oliveira <bruno abstractj org<mailto:bruno abstractj org>> wrote:Hi Matthias, thanks for your review, answers inline.On Saturday, July 28, 2012 at 7:35 AM, Matthias Wessendorf wrote:hi,a few minor comments after giving it a quick shot:1) The REST resources will be generated to provide the basics forauthentication.==> IMO basic(s) is a bit confusing when talking about auth (e.g.application basic...), perhaps writing 'foundation' or so?==> what will generate the resources ?I've been planning to provide the minimal endpoints to authentication,aerogear-security aims to have the integration with providers likeDeltaSpike and PicketLink.Generate means something like a forge plugin or maven plugin something toget rid of an complex configuration files. Aerogear-security must deal withthe complexity, but not our developers, that's the idea.2) aerogear.auth'This attribute is optional and if not present the default RESTauthentication method will be assumed.'==> 'default REST authentication' <== what does that actually mean?Perhaps a link to some other document,for background infos?The endpoints provided by aerogear-security, but if you want to have an ideaabout what I've been planning take a look at the external references, please3) aerogear.auth.registerthe diagram says 'signup'; perhaps using one term acrossdocuments/diagrams does not hurt!Indeed. I didn't get a chance to update the pictures and I assume thatpeople will truly understand what it means, I'll do it to the next week.- Bruno(I guess that applies to login/signin etc as well)-MOn Sat, Jul 28, 2012 at 12:11 AM, Bruno Oliveira <bruno abstractj org<mailto:bruno abstractj org>>wrote:Hi folks,We've been discussing a lot about security on the server side this week andI would like to hear some feedback about the document below before goinginto more specific implementation details.Have a nice reading! :)--"The measure of a man is what he does with power" - Plato-@abstractj-Volenti Nihil Difficile_______________________________________________aerogear-dev mailing listaerogear-dev redhat com<mailto:aerogear-dev redhat com>--Matthias Wessendorfsessions: http://www.slideshare.net/mwessendorftwitter: http://twitter.com/mwessendorf--Matthias Wessendorfsessions: http://www.slideshare.net/mwessendorftwitter: http://twitter.com/mwessendorf_______________________________________________aerogear-dev mailing listaerogear-dev redhat com<mailto:aerogear-dev redhat com>________________________________CONFIDENTIALITY NOTICE: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer.