Skip to content

Instantly share code, notes, and snippets.

@abstractj

abstractj/security_roadmap_draft.md Secret

Last active December 17, 2015 16:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save abstractj/b50cee4eb8163ccf4c26 to your computer and use it in GitHub Desktop.
Save abstractj/b50cee4eb8163ccf4c26 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
security_roadmap_draft.md

AeroGear Security - Roadmap

1.0.1

  • Bug fixes on examples and updates on AeroGear Security

  • AGSEC-16: Support for multiple roles for AerogearUser (TBD with sblanc)

  • AGSEC-29: Documentation with the overview and description on AeroGear Security

  • AGSEC-36: Add a method to retrieve all registered users on the AuthenticationManager interface (TBD with sblanc)

  • AGSEC-36: Add CRUD methods for AerogearUser

  • Initial support for OTP on JS

1.1.0 (Mid June)

  • AGSEC-13: Add HTTP basic authentication support to the client side

    • AGDROID-27 Add HTTP basic authentication support on AeroGear Android (summers)

    • AGIOS-4 Add HTTP basic authentication support on AeroGear iOS (christos)

    • AGJS-18 Add HTTP basic authentication support on AeroGear.js (I can help on it, I'm just following the JS roadmap)

  • AGSEC-18: Add session management support

  • AGSEC-27: Provide a detailed specification and which kind of authentication schemes will be supported

  • AGSEC-28: HOTP support

    • AGDROID-30: Add HOTP support to aerogear-otp-java

    • AGIOS-1: Add HOTP support to aerogear-otp-ios

  • AGSEC-55: Various security tasks for the Unified Push server

    • AGSEC-30: Unified Push (Add Client Access Key)

    • AGSEC-33: Unified Push: Sec: Add OAuth component to PushEE

    • AGSEC-34: Unified Push: Sec: Add Security Framework to PushEE

    • AGSEC-50: Unified Push: Secure registration of Mobile Variant instance with the server

    • AGSEC-51 Unified Push: Secure registration of Push Application

    • AGSEC-52 Unified Push: Secure registration of Mobile Variant

  • AGSEC-48: Add Apache Shiro support on AeroGear Security

1.2.0 (Mid August)

  • AGSEC-6: Encryption for mobile devices

    • AGDROID-34 Implementation and API usage for android crypto

    • AGIOS-3 Implementation and API usage for iOS crypto

  • AGSEC-15: Add HTTP digest authentication support to the client side

    • AGDROID-10 Add HTTP digest authentication support on AeroGear Android (Summers)

    • AGIOS-5 Add HTTP digest authentication support on AeroGear iOS (Christos)

    • AGIOS-6 Provide a parameter on iOS to enable/disable the usage of cookies (abstractj)

    • AGJS-23 Add HTTP digest authentication support on AeroGear.js

  • AGSEC-26: Authentication schemes for mobile devices

  • AGSEC-49: Add Hawk support on AeroGear Security

  • AGSEC-55: Various security tasks for the Unified Push server

    • AGSEC-31: Unified Push: Evaluate non repudiation for each application on the server

    • AGSEC-53 Unified Push: Secure Admin UI

    • AGSEC-54 Unified Push: Secure http endpoint for sending push notification

1.3.0 (Mid October)

  • AGSEC-2: Secure storage and cache

    • AGSEC-7: Provide a detailed specification about how it should work

  • AGSEC-3: Url and Forms that perform important operations must be protected by random tokens (hidden nonce values)

  • AGSEC-4: Authentication of RESTful requests per transactions must be provided as alternative on AeroGear Security

  • AGSEC-14: HTTP signed requests

  • AGSEC-17: Mobile devices blacklist support

1.4.0 (Mid January)

  • AGSEC-12: Offline authentication

  • AGSEC-25: Include rate-limit to incoming requests from the same origin

2.0.0

  • AGSEC-5: Social login

    • AGSEC-8: Provide a detailed specification about which methods will be supported

  • AGSEC-19: Security & privacy policy (geo, user, misc data)

  • Biometric authentication (TBD)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment