Adding the reference [1] https://developer.android.com/reference/android/accounts/AccountManager.html
Regards,
Firzhan

email: [email protected]
mobile: (+94) 77 9785674
blog: http://firzhanblogger.blogspot.com/
twitter: https://twitter.com/firzhan007
linked-in: https://www.linkedin.com/in/firzhan

On Tue, Dec 19, 2017 at 7:38 AM, Firzhan Naqash <[email protected]> wrote:

> Hi Gayan,
>
> I would also prefer the 3rd option. Different vendors provide different
> methodologies to secure information in the mobile devices, as in
> Android, where the AccountManager[1] class provides secured access to the
> centralized registry and applications use this class to store their
> secured credentials.
>
> Regards,
> Firzhan
>
> On Mon, Dec 18, 2017 at 3:07 PM, Godwin Shrimal <[email protected]> wrote:
>
>> Hi Gayan,
>>
>> +1 for option 3. Securing data in the mobile device is a vendor-specific
>> thing. You can find some information in [1] about Android data security.
>>
>> [1] https://developer.android.com/training/articles/security-tips.html
>>
>> Thanks
>> Godwin
>>
>> On Mon, Dec 18, 2017 at 2:50 PM, Gayan Gunawardana <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> In Identity Server, DCR endpoints are secured with a pluggable security
>>> layer where we can use Basic Authentication, OAuth, Certificate based
>>> authentication and any custom authentication. We have the below
>>> evaluation of each method:
>>>
>>> 1. Basic Authentication: From a security perspective it's clearly not
>>> applicable to embed super tenant or tenant credentials into a native
>>> application. What is feasible here is to take end user credentials at
>>> run time and invoke the DCR end point with end user credentials (need
>>> to set the correct user permission to invoke the DCR end point).
>>>
>>> 2. Certificate based Authentication: This is a good option but has a
>>> few problems: how to distribute the certificate, and also other
>>> applications can access the key chain, which will be a security
>>> vulnerability (need to check with a mobile expert).
>>>
>>> 3. OAuth based Authentication: Securing the DCR endpoint with an
>>> initial access token is a practice coming from the DCR specification,
>>> but the problem is how to store this initial access token securely in
>>> the mobile application.
>>>
>>> WDYT?
>>>
>>> Thanks,
>>> Gayan
>>>
>>> --
>>> Gayan Gunawardana
>>> Senior Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>>
>>> _______________________________________________
>>> Architecture mailing list
>>> [email protected]
>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>> --
>> Godwin Amila Shrimal
>> Associate Technical Lead
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: +94772264165
>> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
>> twitter: https://twitter.com/godwinamila
