Most probably this is not going to support in next IS release.

On Thu, Nov 6, 2014 at 12:07 PM, Chan <[email protected]> wrote:

> Rekindling an old thread. Are we going to support this in next IS release?
>
> On Thu, Apr 17, 2014 at 8:26 PM, Kasun Dananjaya Delgolla <[email protected]
> > wrote:
>
>> +1. I think this is the ideal way of doing that.
>>
>>
>> On Thu, Apr 17, 2014 at 5:57 PM, Gayan Gunawardana <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> +1 for dynamic client generation.
>>>
>>> This is what we have discussed in several meetings.
>>>
>>> If time permit I can have a look at the spec and do the implementation.
>>> This will be an ideal solution for most of security holes.
>>>
>>>
>>>
>>> On Thu, Apr 17, 2014 at 5:41 PM, Suresh Attanayaka <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> We can use Dynamic Client Registration[1] to get a ClientKey and a
>>>> ClientSecrete. The advantage here is that different instances of the same
>>>> application will have different ClientKey and ClientSecrete. With this we
>>>> can identify each installation.
>>>>
>>>> Dynamic Client Registration has a registration endpoint which requires
>>>> an initial token. The initial token can be obtained using basic
>>>> authentication, then the client can use that initial token to register
>>>> itself at the EMM and get the ClientKey + ClientSecrete.
>>>>
>>>> Once the client has received the ClientKey and ClientSecrete, it should
>>>> store it securely.
>>>>
>>>> [1]- http://openid.net/specs/openid-connect-registration-1_0.html
>>>>
>>>>
>>>>
>>>>
>>>> On Thu, Apr 17, 2014 at 2:52 PM, Harshan Liyanage <[email protected]>
>>>> wrote:
>>>>
>>>>> I think we could use a technique like "*Image Steganography[[1]*" to
>>>>> store consumer key/secret inside the application so it would be difficult
>>>>> to hack. For the image we can use something like application logo so it
>>>>> won't get much attention. On the otherhand we could modify the
>>>>> steganography algorithm and make it much more secure.
>>>>>
>>>>> [1]. http://en.wikipedia.org/wiki/Steganography
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> Lakshitha Harshan
>>>>> Software Engineer
>>>>> Mobile: *+94724423048*
>>>>> Email: [email protected]
>>>>> Blog : http://harshanliyanage.blogspot.com/
>>>>> *WSO2, Inc. :** wso2.com <http://wso2.com/>*
>>>>> lean.enterprise.middleware.
>>>>>
>>>>>
>>>>> On Thu, Apr 17, 2014 at 2:21 PM, Chathura Dilan <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> if it is unique to the app, there could be another security issue.
>>>>>> Someone can get our source and authenticate himself with his app, and 
>>>>>> they
>>>>>> are able to download the key from the server.
>>>>>>
>>>>>>
>>>>>> On Thu, Apr 17, 2014 at 2:12 PM, Chathura Dilan <[email protected]>
>>>>>> wrote:
>>>>>>
>>>>>>> Is consumer/secret key unique to a user or is it unique to the app?
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Apr 17, 2014 at 12:20 PM, Chan <[email protected]> wrote:
>>>>>>>
>>>>>>>> +1 to the idea since basic auth will be first used to obtain the
>>>>>>>> consumer secret. But we might have to change the flow from how it 
>>>>>>>> usually
>>>>>>>> work.
>>>>>>>>
>>>>>>>> Cheers~
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Apr 17, 2014 at 12:17 PM, Kasun Dananjaya Delgolla <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>> We're going to protect all the API calls from EMM client side
>>>>>>>>> using OAuth.
>>>>>>>>>
>>>>>>>>> I have a concern whether to store the consumer key/secret inside
>>>>>>>>> the EMM Agent Application or making it dynamic. We can actually send 
>>>>>>>>> those
>>>>>>>>> 2 when the user authenticates from the mobile client (As the 
>>>>>>>>> response), and
>>>>>>>>> then we can store it inside a private preference (Which is application
>>>>>>>>> private).
>>>>>>>>>
>>>>>>>>> I see this as the safest way because keeping it hardcoded in the
>>>>>>>>> source or a file might be extremely easy to hack. So WDYT?
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> --
>>>>>>>>> Kasun Dananjaya Delgolla
>>>>>>>>>
>>>>>>>>> Software Engineer
>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>> lean.enterprise.middleware
>>>>>>>>> Tel:  +94 11 214 5345
>>>>>>>>> Fax: +94 11 2145300
>>>>>>>>> Mob: + 94 777 997 850
>>>>>>>>> Blog: http://kddcodingparadise.blogspot.com
>>>>>>>>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
>>>>>>>>> <http://lk.linkedin.com/in/kasundananjaya>*
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Kasun Dananjaya Delgolla
>>>>>>>>>
>>>>>>>>> Software Engineer
>>>>>>>>> WSO2 Inc.; http://wso2.com
>>>>>>>>> lean.enterprise.middleware
>>>>>>>>> Tel:  +94 11 214 5345
>>>>>>>>> Fax: +94 11 2145300
>>>>>>>>> Mob: + 94 777 997 850
>>>>>>>>> Blog: http://kddcodingparadise.blogspot.com
>>>>>>>>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
>>>>>>>>> <http://lk.linkedin.com/in/kasundananjaya>*
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Chan (Dulitha Wijewantha)
>>>>>>>> Software Engineer - Mobile Development
>>>>>>>> WSO2Mobile
>>>>>>>> Lean.Enterprise.Mobileware
>>>>>>>>  * ~Email       [email protected] <[email protected]>*
>>>>>>>> *  ~Mobile     +94712112165 <%2B94712112165>*
>>>>>>>> *  ~Website   dulitha.me <http://dulitha.me>*
>>>>>>>> *  ~Twitter     @dulitharw <https://twitter.com/dulitharw>*
>>>>>>>>   *~Github     @dulichan <https://github.com/dulichan>*
>>>>>>>>   *~SO     @chan <http://stackoverflow.com/users/813471/chan>*
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>>
>>>>>>> Chatura Dilan Perera
>>>>>>> *(Senior Software Engineer - WSO2 Inc.)*
>>>>>>> www.dilan.me
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Regards,
>>>>>>
>>>>>> Chatura Dilan Perera
>>>>>> *(Senior Software Engineer - WSO2 Inc.)*
>>>>>> www.dilan.me
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> [email protected]
>>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Suresh Attanayake
>>>> Senior Software Engineer; WSO2 Inc. http://wso2.com/
>>>> Blog : http://sureshatt.blogspot.com/
>>>> Web : http://www.ssoarcade.com/
>>>> Facebook : https://www.facebook.com/IdentityWorld
>>>> Twitter : https://twitter.com/sureshatt
>>>> LinkedIn : http://lk.linkedin.com/in/sureshatt
>>>> Mobile : +94755012060
>>>> Mobile : +016166171172
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> [email protected]
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Gayan Gunawardana
>>> Software Engineer; WSO2 Inc.; http://wso2.com/
>>> Email: [email protected]
>>> Mobile: +94 (71) 8020933
>>> Blog: http://gayanj2ee.blogspot.com/
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> Kasun Dananjaya Delgolla
>>
>> Software Engineer
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>> Tel:  +94 11 214 5345
>> Fax: +94 11 2145300
>> Mob: + 94 777 997 850
>> Blog: http://kddcodingparadise.blogspot.com
>> Linkedin: *http://lk.linkedin.com/in/kasundananjaya
>> <http://lk.linkedin.com/in/kasundananjaya>*
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Chan (Dulitha Wijewantha)
> Software Engineer - Mobile Development
> WSO2 Inc
> Lean.Enterprise.Mobileware
>  * ~Email       [email protected] <[email protected]>*
> *  ~Mobile     +94712112165 <%2B94712112165>*
> *  ~Website   dulitha.me <http://dulitha.me>*
> *  ~Twitter     @dulitharw <https://twitter.com/dulitharw>*
>   *~Github     @dulichan <https://github.com/dulichan>*
>   *~SO     @chan <http://stackoverflow.com/users/813471/chan>*
>



-- 
Gayan Gunawardana
Software Engineer; WSO2 Inc.; http://wso2.com/
Email: [email protected]
Mobile: +94 (71) 8020933
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to