Re: [mihini-dev] [REST] Tech Preview

[Romain Perier <rperier@xxxxxxxxxxxxxxxxxx>]

Hi all,
I would suggest two modes (the modes would be activable in the configstore):

1. No security: Assuming, a member of the community plans to use Mihini 
on his rasp. pi, he does not want necesseraly to implement/use security 
(it's not easy to deploy and useless on a local network)
2. OAuth 2.0 [1] : A well-known authentication mechanism designed for 
that purpose

What do you think ? I mean, it would be better to use a good 
authentication mechanism instead of a one with security holes, imho.

1. http://tools.ietf.org/html/rfc6749

Le 28/05/2013 18:24, Cuero Bugot a écrit :
> Well no. LuaRPC does not provide any security and that is an issue.
> It is not for development only, for instance in AAF[1], it has to be enabled on production !
>
> Security, as the first step, could probably be a digest authentication only. An enhanced solution would be to have SSL layer, but that would be a second step...
>
> [1] http://developer.sierrawireless.com/ALEOS_AF
>
>
> -----Original Message-----
> From: mihini-dev-bounces@xxxxxxxxxxx [mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Benjamin Cabé
> Sent: Tuesday, May 28, 2013 6:12 PM
> To: Mihini project developer discussions
> Subject: Re: [mihini-dev] [REST] Tech Preview
>
> What do you mean by security?
> Just like RPC, I think the REST server is just meant to be enabled in development mode, no?
>
> Benjamin--
>
>
>
>
>
>
> Le 28/05/13 18:02, « Romain Perier » <rperier@xxxxxxxxxxxxxxxxxx> a écrit :
>
> > Le 28/05/2013 16:19, Cuero Bugot a écrit :
> > > Yes indeed. That is something we thought about. It would be a
> > > simplified workflow for one application uninstall. The generic way
> > > (creating  package) is still necessary if you need to do more than one
> > > operation at a time.
> > > However it would require a little more work on the update component.
> > > We'd like to have more feedback on the update component before
> > > starting some code refactoring on it. I would suggest to open a ticket
> > > to track that specific feature. It might end up as a low priority
> > > though, because there is a workaround for that use case.
> > > Let us know if that is blocking for you.
> > >
> > > -----Original Message-----
> > > From: mihini-dev-bounces@xxxxxxxxxxx
> > > [mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Simon Bernard
> > > Sent: Tuesday, May 28, 2013 3:01 PM
> > > To: Mihini project developer discussions
> > > Subject: Re: [mihini-dev] [REST] Tech Preview
> > >
> > > 1 suggestion : Currently the only way to uninstall an application is
> > > to use the localupdate and create an "uninstall" package.
> > > A more simple way to do that will be a great improvement.(I mean
> > > without package creation)
> > Thanks for your feedbacks. A first finalized implementation has been
> > pushed to the branch bugs/402289.
> >
> > @ALL: any other suggestions/feedbacks until we add security to the rest
> > stack ?
> >
> > Regards,
> > Romain
> > _______________________________________________
> > mihini-dev mailing list
> > mihini-dev@xxxxxxxxxxx
> > http://dev.eclipse.org/mailman/listinfo/mihini-dev
> _______________________________________________
> mihini-dev mailing list
> mihini-dev@xxxxxxxxxxx
> http://dev.eclipse.org/mailman/listinfo/mihini-dev
>
> _______________________________________________
> mihini-dev mailing list
> mihini-dev@xxxxxxxxxxx
> http://dev.eclipse.org/mailman/listinfo/mihini-dev