Security meeting 2015-02-25

From wiki.gpii
Jump to: navigation, search

Notes

Agenda

  • What we need to do for C4A
    • priorities
    • responses from review
  • Long term
  • Native client flow
    • Mobile Accessibility
    • Local Flow Manager
  • Anonymous access
  • Untrusted devices
  • Account management
  • Filtering of prefs for local solutions (pushing of prefs rather than pulling)
  • Local machine security

C4A

  • Integration of SP3 apps
    • Online Banking [web]
    • Mobile Accessibility [Android]
    • Browse Aloud [web]
    • Easit4all [web]
    • Ticket Vending Machine
  • Filtering of prefs for local solutions
  • Untrusted local manager

Native clients

  • UI for requesting authorization
  1. authorize ahead of time
  2. integrate a web view
  3. integrate with the local flow manager
  • authenticating the client
  • authenticating the user

Tasks

  • CouchDB persistence
  • Writing of preferences
  • User account management UI
  • HTTPS for:
    • prefs server
    • Cloud based Flow Manager
    • solution registry
    • match makers
    • load balancer to component connection
  • solutions registry integration

Whiteboard

IMG 0378.JPG