On Jun 22, 2015, at 6:43 AM, Alex Zavatone z...@mac.com wrote:
We're all familiar with using a SSL cert to get a client to trust a server,
but we're looking at is getting a server to trust that a trusted client is
allowed to access it.
Yup, that’s SSL (or TLS) client certificate
Basically, we're trying to make sure that we limit just what type of client can
contact our web service and limit it to our iOS and Android apps.
Using full challenge response seems to be frowned on since if we implement it,
it's across all servers and this would break the current clients we
Using client-side certificates in TLS is pretty standard stuff, and should
be well-supported by the system. You might start here:
https://developer.apple.com/library/ios/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html
The biggest issue with something like
On Mon, Jun 22, 2015, at 12:32 PM, Alex Zavatone wrote:
Basically, we're trying to make sure that we limit just what type of
client can contact our web service and limit it to our iOS and Android
apps.
Generally speaking, this isn't possible. All of the information
necessary to authenticate
You can use a second authentication factor though. For example, push
notifications (which ties back to Apple servers and the device’s serial number)
and SMS verification code (commonly found in two-factor authentication schemes)
On Jun 23, 2015, at 02:05, Kyle Sluder k...@ksluder.com wrote:
We're all familiar with using a SSL cert to get a client to trust a server, but
we're looking at is getting a server to trust that a trusted client is allowed
to access it.
I was thinking of embedding an SSL cert within the iOS app and validating
against that, but I'm sort of lost on a way to
