ubuntu-push-devs team mailing list archive

[Ted Gould <ted@xxxxxxxxxx>]

On Wed, 2013-08-07 at 15:22 +0100, John Lenton wrote:

> On Tue, Aug 6, 2013 at 7:10 PM, Tyler Hicks <tyhicks@xxxxxxxxxxxxx> wrote:
> > End-to-end authentication is also needed and there needs to be checks to
> > make sure that the authenticated notifications from the app writers
> > don't contain anything unexpected.
> 
> yes. The app server needs to auth to the push server using a per-app
> token, and each message needs to be signed with a per-bucket token
> (per-user-per-app), and the app needs to auth to it too (via the
> client-side daemon) using a per-user-per-app token. I'll be adding
> something overly simplistic today; would be interested in knowing what
> things we could do in that space. (note none of this is done yet)
> (note also i seem to have lost half of today already, doing nothing of
> use).


It seems like you really need "per user per device."  I could for
instance want Google+ notifications on my tablet but not my phone.

I'm not sure what you're meaning here by token.  It seems like you don't
need tokens as much as you need to authenticate everyone connecting, and
keep a list of what they're allow to see and/or post.  I don't think
they need to be tokens of any type as long as everyone authenticates to
the server where the lists are stored.

Ted

Attachment: signature.asc
Description: This is a digitally signed message part