[Aerogear-dev] Security development ideas

Hi folks,

I would like to have some feedback and new ideas about the best approach to improve mobile authentication/authorization from client to server side.

This week I was digging into the DS source code to see how we could provide authentication to REST resources. DS seems to be a promising project but is currently in an embryonic phase (I guess). So, some of the interesting parts like JaasAuthenticator and Idm integration with PicketBox are missing or don't have examples/unit tests (https://github.com/DeltaSpike/Mirror/tree/master/deltaspike/modules/security). Of course that's open source and we can contribute, I'm just worried about the timeframe.

I started to write 3 functional requirements for our project with Jay's review (with our basic needs - https://issues.jboss.org/browse/AEROGEAR-7) and then I wrote some thoughts https://github.com/abstractj/aerogear-security/tree/jaas to decouple authentication from MVC (it's just an idea and not a final solution).

I would like to hear suggestions/feedback about it. If somebody knows a better way to move forward, put your ideas on the table please.

- Bruno

