Hi Kamidu/Madhawa, Can't we follow the same approach in windows as well, so we can expose the same experience all whole EMM use case? WDYT? +1, this need to be considered.
In Android normally new policies are being added with each release. For an example the Password Minimum Upper Case policy is only available with API level 11 (Honeycomb) and above We support API 17 upwards. However, as you said, new APIs do get added. Therefore will this be an issue when we tried to create this consistency between iOS and Android passcord policies? What we can control is the common set of attributes that are there between 2 platforms. We need to make common attributes behave the same. We can perform a version checks in the application, yet couldn't this affect the consistency that we are going to create since an EMM server may have devices with different Android versions? We do have have version checks in Application currently and however, the EMM admin need to have good amount of information on what is the policy he can have based on the Android versions in the system and plan accordingly. As the vendor, we need to make sure, when if a wrong policy is applied to a unsupported device, thing perform without breaking. And unnecessary fields are ignored. Once an administrator enforced a passcord policy which can be either *simple* or *alphanumeric, w*ill that affect my existing passcord which is *1234a#*? Is the passcord policy is minimal strength check or does it check for an exact match? Android OS does the checking of if the users passcode ahreads to the policy we have defined. In case you had a strong passcode policy and then reduced the passcode strength has no effect on the current passcode. When the user changes the passcode next time,he can set a weaker password. "In iOS protocol, allow simple passcode means that the user is free to enter just a pin or any passcode. However with Android currently, it must be a alphanumeric value only." Can't we use PIN in Android now? No. we cannot use PIN as this option is disabled due to the way the passcode policies is currently implmented in the agent, it need to be changed. If Android does not allow numbers only or alphabetic characters only passwords could we have the option isSimple for both Android and iOS? Android allows this kind of passcode policy. However our implementation is not designed to allow these. Regards, Inosh On Wed, Jan 31, 2018 at 3:00 PM, Madhawa Perera <madha...@wso2.com> wrote: > [Added InoshP] > > ---------- Forwarded message ---------- > From: Madhawa Perera <madha...@wso2.com> > Date: Wed, Jan 31, 2018 at 2:53 PM > Subject: Re: [Architecture] [IoT][Android] Making Android passcode policy > to be consistent with iOS > To: architecture <architecture@wso2.org> > Cc: Rasika Perera <rasi...@wso2.com> > > > Hi Inosh, > > This is indeed a good approach to have a consistency in passcode policy > regardless of the platform. Even though we maintain two separate policy > wizards this will help to minimize the confusion of MDM administrators when > pushing the same policy to both iOS and Android devices. > > Anyhow, I would like if you can clarify on following areas which I'm not > too clear. > > 1. 1. In Android normally new policies are being added with each > release. For an example the Password Minimum Upper Case policy is only > available with API level 11 (Honeycomb) and above. Therefore will this be > an issue when we tried to create this consistency between iOS and Android > passcord policies? We can perform a version checks in the application, yet > couldn't this affect the consistency that we are going to create since an > EMM server may have devices with different Android versions? > 2. According to the combination table, let's assume that I have > configured a passcord which is *1234a#* before a passcord policy is > being enforced to the device. Once an administrator enforced a passcord > policy which can be either *simple* or *alphanumeric, w*ill that > affect my existing passcord which is *1234a#*? Is the passcord policy > is minimal strength check or does it check for an exact match? So when we > are determining whether the existing passcord satisfies the required policy > what happens in a situation like I described above? > 3. "*In iOS protocol, allow simple passcode means that the user is > free to enter just a pin or any passcode. However with Android currently, > it must be a alphanumeric value only.*" Can't we use PIN in Android > now? > 4. If Android does not allow numbers only or alphabetic characters > only passwords could we have the option isSimple for both Android and iOS? > > Please note that I have referred to following references > > [1] https://developer.android.com/guide/topics/admin/device-admin.html > [2] https://developer.apple.com/library/content/featuredarti > cles/iPhoneConfigurationProfileRef/Introduction/ > Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW9 > > Thank you > Best Regards, > Madhawa > > On Wed, Jan 31, 2018 at 12:14 PM, Inosh Perera <ino...@wso2.com> wrote: > >> Hi Rasika, >> >> Please find the possible combinations and the minimum password needed >> bellow, >> isSimple isAlphanumeric isComplex Minimum sufficient password >> y n n 1234 >> y y n 1234a >> y y y 1234a# >> n y y 1234a# >> n n y 1234# >> y n y 1234# >> n y n 1234#h >> n n n 1234# >> Regards, >> Inosh >> >> >> On Wed, Jan 31, 2018 at 11:51 AM, Charitha Goonetilleke < >> charit...@wso2.com> wrote: >> >>> Hi Inosh, >>> >>> On Tue, Jan 30, 2018 at 3:33 PM, Inosh Perera <ino...@wso2.com> wrote: >>> >>>> Hi all, >>>> >>>> Currently the passcode policy of IoT server for Android and iOS >>>> platforms seems to have followed 2 different approaches and this >>>> inconsistency can lead to confusion for an EMM administrator. >>>> >>>> *Following are the inconsistencies,* >>>> In iOS protocol, allow simple passcode means that the user is free to >>>> enter just a pin or any passcode. However with Android currently, it must >>>> be a alphanumeric value only. >>>> Also in iOS disallow simple is equivalent to having at least one >>>> complex characters regardless of the alphanumeric check. When alphanumeric >>>> is not required and complex characters are set to 1, the user should be >>>> able to add a password like "1234$" as the passcode and currently Android >>>> policy does not support this behaviour and it ask for a minimum one >>>> alphabetic character regardless of the state of alphanumeric checkbox. >>>> Therefore to get rid of these inconsistencies, I suggest we should make the >>>> Android passcode policy work similar to iOS. >>>> >>>> *Solution* >>>> Therefore, as per iOS protocol, following would be the standard of the >>>> passcode policy, >>>> allowSimple - If a simple passcode containing just numbers or just >>>> letters or combination is allowed. Setting this to "no" mean, a complex >>>> passcode is required and of minimum of 1 complex character together with >>>> numbers or alphabets characters. >>>> minComplexChars - A complex character is a character other than an >>>> alphanumeric value. Setting min complex chars restriction will not mean >>>> that an alphabetic character is required. >>>> requireAlphanumeric - Whether alphabetic characters are required or is >>>> it enough to have numbers only. >>>> >>> >>> +1, By doing so we can have same experience for pass code policy. Anyway >>> with current design, we have clear separation with Android and iOS >>> policies. So still we might have to keep those two policy wizards. >>> >>> >>>> >>>> Regards, >>>> Inosh >>>> >>>> _______________________________________________ >>>> Architecture mailing list >>>> Architecture@wso2.org >>>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>>> >>>> >>> Thanks & regards, >>> /charithag >>> >>> -- >>> *Charitha Goonetilleke* >>> Senior Software Engineer >>> WSO2 Inc.; http://wso2.com >>> lean.enterprise.middleware >>> >>> mobile: +94 77 751 3669 <%2B94777513669> >>> Twitter:@CharithaWs <https://twitter.com/CharithaWs>, fb: charithag >>> <https://www.facebook.com/charithag>, linkedin: charithag >>> <http://www.linkedin.com/in/charithag> >>> >>> <http://wso2.com/signature> >>> >>> _______________________________________________ >>> Architecture mailing list >>> Architecture@wso2.org >>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >>> >>> >> >> >> -- >> Inosh Perera >> Senior Software Engineer, WSO2 Inc. >> Tel: 077813 7285, 0785293686 >> >> _______________________________________________ >> Architecture mailing list >> Architecture@wso2.org >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > Madhawa Perera | Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka > <https://maps.google.com/?q=20,+Palm+Grove,+Colombo+03,+Sri+Lanka&entry=gmail&source=g> > Mobile: +94 (0)77 365 5496 <+94%2077%20365%205496> | Work: +94 11 214 > 5345 > Email: madha...@wso2.com | Web: www.wso2.com > > > > > -- > Madhawa Perera | Software Engineer > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka > <https://maps.google.com/?q=20,+Palm+Grove,+Colombo+03,+Sri+Lanka&entry=gmail&source=g> > Mobile: +94 (0)77 365 5496 <+94%2077%20365%205496> | Work: +94 11 214 > 5345 > Email: madha...@wso2.com | Web: www.wso2.com > > -- Inosh Perera Senior Software Engineer, WSO2 Inc. Tel: 077813 7285, 0785293686
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
