Hi Ruwan,

Need a few clarifications.

We do have *with MDM* and *without MDM* implementations here. When we
implement the without-MDM scenario, there will be two links generated: one
link for the user to log in to the store, and the OTDL, which is generated
when the user logs in to the store. If we implement an expiration on the
OTDL link, when do we start the clock?

*Sajith Abeywardhana* | Software Engineer
WSO2, Inc | lean. enterprise. middleware.
#20, Palm Grove, Colombo 03, Sri Lanka.
Mobile: +94772260485
Email: saji...@wso2.com <mahe...@wso2.com> | Web: www.wso2.com

On Thu, Jul 16, 2015 at 2:21 PM, Chathura Dilan <chathu...@wso2.com> wrote:

> Hi Ruwan,
>
> +1 for all 3 suggestions
>
> On Thu, Jul 16, 2015 at 1:36 PM, Ruwan Abeykoon <ruw...@wso2.com> wrote:
>
>> Hi Chathura,
>> I'd like to add a few points.
>>
>> 1. The OTDL is sufficient for the Application download case. But it does
>> not provide good authentication details (i.e. anyone who has access to the
>> link can download the App). I think this will be acceptable since the
>> download is allowed only once. Also there is no other way to make it more
>> secure than entering credentials to get the full authentication, which is
>> not acceptable in this scenario.
>>
>> 2. We can have an expiration on the OTDL link. I think by default 3 days
>> should be enough (==Typical SMS validity period). One can choose a lower
>> value for expiry to get a bit more security.
>>
>> 3. We need to create this OTDL as a reusable component so that other
>> projects which need a similar kind of functionality can reuse it. I
>> suggest we generate/validate the "One Time Download Key", not the URL.
>> Then the application can use it in a URL or any other mechanism (e.g.
>> downloading a sketch in the IoT platform).
>>
>>
>>
>> Cheers,
>> Ruwan
>>
>> On Thu, Jul 16, 2015 at 11:34 AM, Chathura Dilan <chathu...@wso2.com>
>> wrote:
>>
>>> Hi All,
>>>
>>> We had a discussion on implementing secured download links for mobile
>>> applications in App Manager.
>>>
>>> Secured download links provide a secure way to download application
>>> binaries from the server. Once the secured download link is used, it will
>>> be discarded. Therefore secured links are one time (single use) download
>>> links (OTDL).
>>>
>>> When a secured link is generated, a token is appended to the link. This
>>> token is used to track the download activities. However, no
>>> authentication is required to download binaries from those links.
>>>
>>>
>>> We have identified two scenarios in App Manager.
>>>
>>> 1. Download a binary file without authentication
>>> 2. Download a binary file with authentication
>>>
>>>
>>> *Download a binary file with authentication*
>>>
>>> In this scenario, the user subscribes to an app and OTDLs are generated
>>> for him/her to get that app. Any number of OTDLs can be generated to
>>> download application binaries from App Manager. Those links can be pushed
>>> to the user using any channel. It could be through an MDM or an SMS. Those
>>> links can be consumed to download applications to devices.
>>>
>>> Eg:
>>>
>>> Pushing Application through MDM
>>>
>>> *Download a binary file with authentication*
>>> This provides an extra security layer for the above scenario. In this
>>> scenario, the user subscribes to an app and a login link will be provided
>>> to him/her with a token. The token is used to identify the app details. This
>>> link is different from the OTDL and it will direct the user to a login page.
>>> Once the user logs in successfully using that link, the OTDL is generated and
>>> the user will be redirected to the OTDL to download the file.
>>>
>>> In this scenario we can control download using the login app for
>>> different parameters.
>>> Such as if a user tries to download an Android app from an iOS device, it
>>> can be restricted using the login application.
>>>
>>> Eg:
>>>
>>> Pushing App through an email
>>>
>>>
>>> The only technical problem we are facing here is what happens when the
>>> download breaks before the app is completely downloaded. So the solution is
>>> to push the application again to download.
>>>
>>>
>>> Your suggestions would be highly appreciated
>>>
>>> --
>>> Regards,
>>>
>>>
>>> Chatura Dilan Perera
>>> *(Senior Software Engineer** - WSO2 Inc.**)*
>>> www.dilan.me
>>>
>>
>>
>>
>> --
>>
>> *Ruwan Abeykoon*
>> *Architect,*
>> *WSO2, Inc. http://wso2.com <http://wso2.com/> *
>> *lean.enterprise.middleware.*
>>
>> email: ruw...@wso2.com
>> phone:(+94) 777739736
>>
>
>
>
> --
> Regards,
>
> Chatura Dilan Perera
> *(Senior Software Engineer** - WSO2 Inc.**)*
> www.dilan.me
>
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
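
The reusable "One Time Download Key" generate/validate component suggested in point 3 of the thread, with the expiry from point 2, as an added example (not code from the thread or from WSO2 App Manager). The class and method names are hypothetical, the store is in-memory, and starting the expiry clock when the key is issued is an assumption of this example.

```python
import hashlib
import secrets
import threading
import time

DEFAULT_TTL_SECONDS = 3 * 24 * 3600  # 3-day default suggested in the thread


class OneTimeDownloadKeys:
    """Hypothetical in-memory issuer/validator for one-time download keys."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # sha256(key) -> (resource_id, expires_at)
        self._lock = threading.Lock()

    @staticmethod
    def _digest(key):
        # Store only a hash so a leaked table does not reveal usable keys.
        return hashlib.sha256(key.encode("ascii")).hexdigest()

    def issue(self, resource_id, ttl=DEFAULT_TTL_SECONDS):
        """Return a fresh key; the expiry clock starts now (assumption)."""
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        with self._lock:
            self._pending[self._digest(key)] = (resource_id, self._clock() + ttl)
        return key

    def redeem(self, key):
        """Consume the key and return its resource_id, or None if invalid."""
        try:
            digest = self._digest(key)
        except UnicodeEncodeError:
            return None                  # keys are always ASCII
        with self._lock:
            # pop() under the lock makes lookup-and-discard atomic, so two
            # concurrent requests cannot both succeed with the same key.
            entry = self._pending.pop(digest, None)
        if entry is None:
            return None                  # unknown or already used
        resource_id, expires_at = entry
        if self._clock() >= expires_at:
            return None                  # expired; entry is already removed
        return resource_id


if __name__ == "__main__":
    keys = OneTimeDownloadKeys()
    k = keys.issue("app-1.apk")          # constructed sample resource id
    print(keys.redeem(k), keys.redeem(k))
```

Because the key is consumed at `redeem()`, a download that breaks midway needs a newly issued key, which matches the re-push approach described in the original post.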
