[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Aerogear-dev] Feedback on security readme



https://github.com/abstractj/aerogear-security

Overall great stuff.  Note, some of the items are questions from me, and some are questions I could see being asked by others :-)

* HTTP Digest authentication - why this?  What alternatives exist

* Client library support 
 * 
 
* Where does Crypto.SHA1 come from
 * should list that
 
* We will want to collapse JS into mini-lib imo

* http://myhost/user/1
 * Not relative path?
 * can be point to other places?
 
* phase 1
  * authorization only right
  * Can you use CDI to inject a user object?
    * for further work.
    
* Web mobile --> web/mobile 

* Define the domain a little better

* does getUser return a user object, or a Long?

* What happens when the you access secured resources and you're not logged inject

* Where and how are users created, edited, removed?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]