You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shindig.apache.org by "Dan Dumont (JIRA)" <ji...@apache.org> on 2012/06/22 20:46:43 UTC
[jira] [Commented] (SHINDIG-1716) Add/Improve documentation around
security tokens
[ https://issues.apache.org/jira/browse/SHINDIG-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13399506#comment-13399506 ]
Dan Dumont commented on SHINDIG-1716:
-------------------------------------
Started the wiki doc here, please add more!
https://cwiki.apache.org/confluence/display/SHINDIG/Security+Tokens
> Add/Improve documentation around security tokens
> ------------------------------------------------
>
> Key: SHINDIG-1716
> URL: https://issues.apache.org/jira/browse/SHINDIG-1716
> Project: Shindig
> Issue Type: Improvement
> Components: Website
> Affects Versions: 2.5.0-beta1
> Reporter: Stanton Sievers
> Assignee: Stanton Sievers
> Labels: documentation, security
> Fix For: 2.5.0
>
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> Currently there is little to no documentation on the structure and use of security tokens in Shindig. A lot of questions come through on the dev list about security tokens and the information they contain and we have no common set of resources to point people to. I'd like to create documentation to cover the following topics and add it to the wiki:
> - The role of security tokens, both container and gadget
> - What information should be in a security token
> - How and when that information is used
> - How to secure security tokens via encryption
> - How security tokens get refreshed, both container and gadget
> - Gotchas that could leave your app insecure (e.g. how tokens can be compromised and what the impact could be)
> If there's any other information that should be included, feel free to leave a suggestion.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira