1 Reply Latest reply on Mar 16, 2012 11:38 AM by jbalunas

    Security on mobile


      Hi my friends!  I was wondering about to create a security layer on top of resteasy to deal with authentication at first glance.


      Currently resteasy has a security module (https://github.com/resteasy/Resteasy/tree/master/jaxrs/security) that supports oauth specification 1.0a (http://docs.jboss.org/resteasy/docs/2.3.1.GA/userguide/html/Authentication.html#d0e2697), that could be used as quick start.


      The API is considered experimental by resteasy team. I would to suggest 2 alternatives:




      1. Start with resteasy-oauth and make it ready for production sending patches to the resteasy team.
      2. Start oauth2 implementation (http://tools.ietf.org/html/draft-ietf-oauth-v2-25) on top of resteasy




      1. Start with JAX-RS from scratch to not be so tight with resteasy (because we'll have specific needs on mobile that couldn't fit in resteasy-oauth plans)
      2. Prioritize which specification must be implemented 1.0b or oauth-v2-25 (or both)


      What do you think?

        • 1. Re: Security on mobile

          I think I'd like to get your thoughts on the end goal, and user facing functionality.  What do you envision the end result to be?  How will developers use it?  Please include client side interactions as well.


          Ideally, as a use-case.  I'd like to have a demo similar to what I posted about AeroGear-7 New more advanced example called Denizen added to aerogear git where we can add in this security work to enable secure services, and pages. 


          I'd like the ability to have the application define its own users, and groups, and tie that in with the OAuth ideas above.  Basically this would be a self contained user/group CRUD demo that would be a perfect platform to show the security features.