Add/Improve documentation around security tokens
------------------------------------------------
Key: SHINDIG-1716
URL: https://issues.apache.org/jira/browse/SHINDIG-1716
Project: Shindig
Issue Type: Improvement
Components: Website
Affects Versions: 2.5.0
Reporter: Stanton Sievers
Assignee: Stanton Sievers
Fix For: 2.5.0
Currently there is little to no documentation on the structure and use of
security tokens in Shindig. A lot of questions come through on the dev list
about security tokens and the information they contain and we have no common
set of resources to point people to. I'd like to create documentation to cover
the following topics and add it to the wiki:
- The role of security tokens, both container and gadget
- What information should be in a security token
- How and when that information is used
- How to secure security tokens via encryption
- How security tokens get refreshed, both container and gadget
- Gotchas that could leave your app insecure (e.g. how tokens can be
compromised and what the impact could be)
If there's any other information that should be included, feel free to leave a
suggestion.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
