Uploaded image for project: 'Shindig'
  1. Shindig
  2. SHINDIG-1716

Add/Improve documentation around security tokens

Add voteWatch issue
    XMLWordPrintableJSON

Details

    • Improvement
    • Status: In Progress
    • Major
    • Resolution: Unresolved
    • 2.5.0-beta1
    • 2.5.3
    • Website

    Description

      Currently there is little to no documentation on the structure and use of security tokens in Shindig. A lot of questions come through on the dev list about security tokens and the information they contain and we have no common set of resources to point people to. I'd like to create documentation to cover the following topics and add it to the wiki:

      • The role of security tokens, both container and gadget
      • What information should be in a security token
      • How and when that information is used
      • How to secure security tokens via encryption
      • How security tokens get refreshed, both container and gadget
      • Gotchas that could leave your app insecure (e.g. how tokens can be compromised and what the impact could be)

      If there's any other information that should be included, feel free to leave a suggestion.

      Attachments

        Activity

          People

            ssievers Stanton Sievers
            ssievers Stanton Sievers

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - 72h
                72h
                Remaining:
                Remaining Estimate - 72h
                72h
                Logged:
                Time Spent - Not Specified
                Not Specified

                Slack

                  Issue deployment