Hi Dilan,

That is not true. In fact, you can secure the endpoints when calling from AppManager. We have exposed app installation and removal as JAX-RS services. This is a layer we have written as a wrapper to add operations into the device management core. Hence that layer can do that token validation.

For the next level of security for enterprise apps, you need to provide a manifest URL. In that you have the IPA file location. That you need to somehow secure; otherwise anybody will be able to download it. For enterprise apps, what I suggest is to append a one-time token or something in the URL itself and push it to the add operation method, where it will expire upon requesting a successful enterprise app download execution.

Regards,
Dilshan

On Mon, Apr 27, 2015 at 5:02 PM, Chathura Dilan <[email protected]> wrote:

> Hi Shan,
>
> They are direct links, but secure connections can be used. In some cases,
> like iOS, AFAIK it is not possible to send tokens or security headers along
> with the installation request because it is managed by iOS itself. IMO
> providing a direct link will not be a major security issue, since part of
> the link is encrypted.
>
> So the only way to make them more secure will be generating them as
> one-time download links. We need to do proper research on this with real
> devices, so this feature will be supported from the next version of App
> Manager if it is possible.
>
> On Mon, Apr 27, 2015 at 4:43 PM, Shanmugarajah Sinnathamby <[email protected]>
> wrote:
>
>> Hi Dilan,
>>
>> The device will invoke the URL to download the APK file; how do we
>> achieve the security?
>> Is there any kind of token, or is it a direct link?
>>
>> Can we have something like parameters without exposing the direct link of
>> the file?
>>
>> On Mon, Apr 27, 2015 at 4:22 PM, Chathura Dilan <[email protected]>
>> wrote:
>>
>>> Here are the APIs from App Manager to subscribe or unsubscribe an
>>> application to a given user or a role:
>>>
>>> 1. api/v1/apps/mobile/subscribe/tenant/{tenantDomain}/user/{username}
>>> 2. api/v1/apps/mobile/unsubscribe/tenant/{tenantDomain}/user/{username}
>>> 3. api/v1/apps/mobile/subscribe/tenant/{tenantDomain}/role/{roleId}
>>> 4. api/v1/apps/mobile/unsubscribe/tenant/{tenantDomain}/role/{roleId}
>>>
>>> You need to send the appId as a form parameter to the above APIs
>>> additionally, and all APIs are protected by Basic Auth as we have decided
>>> earlier.
>>>
>>> APIs will return application details if it is successful, as follows:
>>>
>>> {
>>>   platform: "android"
>>>   iconImage: "http://192.168.1.12:9763/publisher/api/mobileapp/getfile/uwvOc0yZD4lRuFc.png"
>>>   version: "1.5"
>>>   packageName: "com.antivirusforandroid"
>>>   identifier: "com.antivirusforandroid"
>>>   name: "Anti Virus"
>>>   location: "http://192.168.1.12:9763/publisher/api/mobileapp/getfile/h88Zf6ZyaaGi801.apk"
>>>   id: "9a3f2a2c-1ebd-46b0-85e6-4c7da3b28ac9"
>>>   type: "enterprise"
>>> }
>>>
>>> Note: location details will be only sent with a subscription request.
>>>
>>> On Thu, Apr 23, 2015 at 6:17 PM, Inosh Perera <[email protected]> wrote:
>>>
>>>> Hi Dilan,
>>>>
>>>> As per the offline discussion we had, I need the input and response
>>>> details for the endpoint exposed from App for,
>>>> 1. App install/uninstall request.
>>>>
>>>> Also since App Manager does not include the second
>>>> point described earlier, it is not necessary
>>>> 2. When the device responds back with the status of the app
>>>> install/uninstall status to MDM, the endpoint exposed from App Manager to
>>>> update the status of the operation.
>>>>
>>>> Regards,
>>>> Inosh
>>>>
>>>> On Mon, Mar 16, 2015 at 12:10 PM, Chathura Dilan <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi Inosh,
>>>>>
>>>>> We need to have an internal discussion regarding finalizing the app
>>>>> uninstall/uninstall and update, because this should be finalized in MDM on
>>>>> how to accept request. I have created a component [1] in AppM to call MDM
>>>>> endpoints, assuming there is one endpoint from MDM. We can customize it
>>>>> according to the MDM requirements.
>>>>>
>>>>> [1] -
>>>>> https://github.com/wso2/carbon-appmgt/blob/feature/mdmintegration/components/appmgt/org.wso2.carbon.appmgt.mobile/src/main/java/org/wso2/carbon/appmgt/mobile/wso2mdm/WSO2MDMOperations.java
>>>>>
>>>>> On Mon, Mar 16, 2015 at 8:49 AM, Inosh Perera <[email protected]> wrote:
>>>>>
>>>>>> Hi Dilan,
>>>>>> Could you please tell the necessary inputs and the response from App
>>>>>> Manager, for
>>>>>> 1. App install/uninstall/reinstall request.
>>>>>> 2. When the device responds back with the status of the app
>>>>>> install/uninstall/reinstall status to MDM, the endpoint exposed from App
>>>>>> Manager to update the status of the operation.
>>>>>>
>>>>>> Regards,
>>>>>> Inosh
>>>>>>
>>>>>> On Fri, Mar 13, 2015 at 4:44 PM, Chathura Dilan <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> To access devices from MDM, AppM needs an API from MDM to get the list
>>>>>>> of enabled devices for a given username, platform and platform version.
>>>>>>>
>>>>>>> Sample response from MDM as follows:
>>>>>>>
>>>>>>> [
>>>>>>>   {
>>>>>>>     "id": "12345",
>>>>>>>     "platform": "android",
>>>>>>>     "model": "Nexus",
>>>>>>>     "platform_version": "4",
>>>>>>>     "name": "My Device 1",
>>>>>>>     "image": "http://192.168.1.40:9763/device.png",
>>>>>>>     "type": "tab"
>>>>>>>   },
>>>>>>>   {
>>>>>>>     "id": "678",
>>>>>>>     "platform": "ios",
>>>>>>>     "model": "iPhone",
>>>>>>>     "platform_version": "8",
>>>>>>>     "name": "My iPhone",
>>>>>>>     "image": "http://192.168.1.40:9763/device2.png",
>>>>>>>     "type": "phone"
>>>>>>>   }
>>>>>>> ]
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>> Chatura Dilan Perera
>>>>>>> (Senior Software Engineer - WSO2 Inc.)
>>>>>>> www.dilan.me
>>>>>>
>>>>>> --
>>>>>> Inosh Perera
>>>>>> Software Engineer, WSO2 Inc.
>>>>>> Tel: 0785293686
>>>>>
>>>>> --
>>>>> Regards,
>>>>>
>>>>> Chatura Dilan Perera
>>>>> (Senior Software Engineer - WSO2 Inc.)
>>>>> www.dilan.me
>>>>
>>>> --
>>>> Inosh Perera
>>>> Software Engineer, WSO2 Inc.
>>>> Tel: 0785293686
>>>
>>> --
>>> Regards,
>>>
>>> Chatura Dilan Perera
>>> (Senior Software Engineer - WSO2 Inc.)
>>> www.dilan.me
>>
>> --
>> Shanmugarajah (Shan)
>> Director, Mobile Architecture,
>> WSO2, Inc.; http://wso2.com
>> Email: [email protected]
>> Mobile: +94777748260
>> Blog: http://shanfour.blogspot.com
>
> --
> Regards,
>
> Chatura Dilan Perera
> (Senior Software Engineer - WSO2 Inc.)
> www.dilan.me
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Dilshan Edirisuriya
Senior Software Engineer - WSO2
Mob: +94 777878905
http://wso2.com/
https://www.linkedin.com/profile/view?id=50486426
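
Added example (not part of the original thread and not WSO2 code): one way to implement the one-time download link suggested above, with the token carried in the URL because the device's installer cannot send security headers. The class and method names, the URL layout, the host name and the time limit on unused links are assumptions.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example, not WSO2 code: class, method names and URL layout are hypothetical.
public class OneTimeDownloadLinks {
    private static final class Grant {
        final String fileId; final Instant expires;
        Grant(String fileId, Instant expires) { this.fileId = fileId; this.expires = expires; }
    }
    private final Map<String, Grant> grants = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl; // assumption: links never used also lapse after this long

    public OneTimeDownloadLinks(Duration ttl) { this.ttl = ttl; }

    // Called when the install operation is added. The token rides in the URL
    // because the device's installer cannot attach auth headers to the request.
    public String issue(String baseUrl, String fileId) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG: not guessable
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        grants.put(token, new Grant(fileId, Instant.now().plus(ttl)));
        return baseUrl + "/" + fileId + "?token=" + token;
    }

    // Called by the file endpoint before streaming. remove() is atomic, so of two
    // concurrent requests with the same token only one can get the grant.
    public boolean redeem(String fileId, String token) {
        if (token == null) return false;
        Grant g = grants.remove(token); // consumed even when the checks below fail
        return g != null && g.fileId.equals(fileId) && Instant.now().isBefore(g.expires);
    }

    public static void main(String[] args) {
        OneTimeDownloadLinks links = new OneTimeDownloadLinks(Duration.ofMinutes(10));
        String file = "sample-app.ipa"; // constructed sample file id
        String url = links.issue("https://appm.example.com/getfile", file);
        String token = url.substring(url.indexOf("token=") + 6);
        System.out.println("first download:  " + links.redeem(file, token));
        System.out.println("replayed link:   " + links.redeem(file, token));
        String other = links.issue("https://appm.example.com/getfile", file);
        other = other.substring(other.indexOf("token=") + 6);
        System.out.println("wrong file id:   " + links.redeem("other.ipa", other));
    }
}
```

The token is consumed as soon as the request is authorized, so a download that fails mid-transfer needs a freshly issued link.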
