Re: [mihini-dev] [REST] Tech Preview

OAuth seems quite advanced indeed. It looks like it would be quite expensive to support (compared to a digest standard auth). Digest is not perfect, granted, but it is very simple to implement. If later on we find out that digest is not sufficient for a use case, we can always work on an SSL (https) layer in addition to that. SSL would provide the maximum level of security.

-----Original Message-----
From: mihini-dev-bounces@xxxxxxxxxxx [mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Romain Perier
Sent: Wednesday, May 29, 2013 10:00 AM
To: mihini-dev@xxxxxxxxxxx
Subject: Re: [mihini-dev] [REST] Tech Preview

Hi all,
I would suggest two modes (the modes would be activable in the configstore):

1. No security: Assuming a member of the community plans to use Mihini on his rasp. pi, he does not necessarily want to implement/use security (it's not easy to deploy and useless on a local network)
2. OAuth 2.0 [1]: A well-known authentication mechanism designed for that purpose

What do you think? I mean, it would be better to use a good authentication mechanism instead of one with security holes, imho.

1. http://tools.ietf.org/html/rfc6749

On 28/05/2013 18:24, Cuero Bugot wrote:
> Well no. LuaRPC does not provide any security and that is an issue.
> It is not for development only, for instance in AAF[1], it has to be enabled in production!
>
> Security, as the first step, could probably be a digest authentication only. An enhanced solution would be to have an SSL layer, but that would be a second step...
>
> [1] http://developer.sierrawireless.com/ALEOS_AF
>
>
> -----Original Message-----
> From: mihini-dev-bounces@xxxxxxxxxxx 
> [mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Benjamin Cabé
> Sent: Tuesday, May 28, 2013 6:12 PM
> To: Mihini project developer discussions
> Subject: Re: [mihini-dev] [REST] Tech Preview
>
> What do you mean by security?
> Just like RPC, I think the REST server is just meant to be enabled in development mode, no?
>
> Benjamin--
>
> On 28/05/13 18:02, "Romain Perier" <rperier@xxxxxxxxxxxxxxxxxx> wrote:
>
>> On 28/05/2013 16:19, Cuero Bugot wrote:
>>> Yes indeed. That is something we thought about. It would be a 
>>> simplified workflow for one application uninstall. The generic way 
>>> (creating a package) is still necessary if you need to do more than 
>>> one operation at a time.
>>> However it would require a little more work on the update component.
>>> We'd like to have more feedback on the update component before 
>>> starting some code refactoring on it. I would suggest to open a 
>>> ticket to track that specific feature. It might end up as a low 
>>> priority though, because there is a workaround for that use case.
>>> Let us know if that is blocking for you.
>>>
>>> -----Original Message-----
>>> From: mihini-dev-bounces@xxxxxxxxxxx 
>>> [mailto:mihini-dev-bounces@xxxxxxxxxxx] On Behalf Of Simon Bernard
>>> Sent: Tuesday, May 28, 2013 3:01 PM
>>> To: Mihini project developer discussions
>>> Subject: Re: [mihini-dev] [REST] Tech Preview
>>>
>>> 1 suggestion: Currently the only way to uninstall an application is 
>>> to use the localupdate and create an "uninstall" package.
>>> A simpler way to do that will be a great improvement. (I mean 
>>> without package creation)
>>>
>> Thanks for your feedback. A first finalized implementation has been 
>> pushed to the branch bugs/402289.
>>
>> @ALL: any other suggestions/feedback until we add security to the 
>> REST stack?
>>
>> Regards,
>> Romain
>> _______________________________________________
>> mihini-dev mailing list
>> mihini-dev@xxxxxxxxxxx
>> http://dev.eclipse.org/mailman/listinfo/mihini-dev
>>