IRC log for #openam, 2014-07-23

All times shown according to UTC.

Time Nick Message
03:47 spikebike joined #openam
04:05 spikebike I'm quite fond of the Duo push (challenge a soft token's private key) and it's single click to login.  I've written part of what would be needed to do similar within a different auth client/server.
04:06 spikebike Can anyone comment how to get some feedback to help it integrate well with OpenAM?
04:59 ramteid joined #openam
05:23 aldaris joined #openam
05:25 aldaris spikebike, first you should create a JIRA RFE for it
05:25 aldaris then create a review for it in crucible
05:29 spikebike cool, sounds good
05:29 spikebike found: https://bugster.forgerock.org/jira/browse/OPENAM-3657 which is close
05:29 aldaris nah, not quite
05:30 spikebike ya
05:30 aldaris feel free to open a new RFE ;)
05:30 spikebike will do
05:30 aldaris thanks!
05:35 Hunger- joined #openam
05:46 em-dash joined #openam
05:50 spikebike hrm, maybe it should be added to oauth first
05:50 aldaris ?
05:52 spikebike well OATH defines HOTP, TOTP, and OCRA standards for hard/soft tokens used for one time passwords
05:52 spikebike afaict there's no similar standard for challenging a token's private key.  Although that's what duo push does.
05:53 aldaris OAuth != OATH btw
05:53 aldaris I don't know much about Duo
05:53 aldaris but I don't think they are doing OATH, or are they?
05:54 spikebike oops, sorry, OATH RFC 4226, 6238, and 6287 in particular
05:54 spikebike they handle hotp/totp (which requires a shared secret), but doesn't require a network connection
05:55 spikebike duo is unique in that it doesn't require typing in a 6 digit code, but it does require network
05:56 spikebike "Someone tried to login to your server at 14:35:16 from IP foo in cleveland.  Accept/deny?"
05:56 spikebike much nicer than wake up phone, launch app, select profile, get 6 digit code, put down phone, type in code.
05:59 spikebike so duo push requires network, does not require a shared secret, and doesn't require the user type anything except clicking on accept/deny.
06:00 aldaris right, but it still doesn't sound like it is covered by OATH
06:01 spikebike why not?
06:03 aldaris http://tools.ietf.org/html/rfc6287
06:03 aldaris does Duo fulfill the algorithm requirements in 3.?
06:03 spikebike seems pretty close, granted the Portable Symmetric Key Container (PSKC) would need an asymmetric version
06:05 spikebike R8 fails because they say "There MUST be a unique secret (key) for each token/soft token that is shared between the token and the authentication server."
06:05 spikebike so there would be a unique secret key, but it would not be shared.
06:06 spikebike Hrm, wonder if there's something similar to oath and asymmetric
06:09 spikebike weird, it does seem to be in oath, section 6.3 at http://tools.ietf.org/html/rfc6030#page-29
06:09 spikebike 6.3.  Encryption Based on Asymmetric Keys
06:09 spikebike seems odd to have asymmetric encryption inside a portable symmetric key container
06:12 spikebike Appendix B.  Requirements
06:12 spikebike R14:  The format SHOULD support asymmetric encryption algorithms
06:22 spikebike hrm, can't find any standards for this kind of thing, just the general description at:
06:22 spikebike http://en.wikipedia.org/wiki/Multi-factor_authentication#Smartphone_push
07:03 em-dash joined #openam
07:13 em-dash joined #openam
07:15 danielmain joined #openam
07:21 fatbloke joined #openam
07:30 fatbloke joined #openam
08:27 aldaris joined #openam
08:28 fatbloke joined #openam
08:57 fatbloke joined #openam
09:07 fatbloke joined #openam
09:13 asyd do you run mvn clean before install on your CI?
09:24 fatbloke joined #openam
09:48 aldaris we tend to
09:52 asyd hmm ok. I first run mvn clean before each build, but that failed on missing modules
10:26 fatbloke joined #openam
10:41 fatbloke joined #openam
10:49 aldaris joined #openam
10:53 aldaris asyd: you are doing something wrong :D
10:54 asyd by clean before each build?
10:54 asyd my new openam monitoring: http://i.imgur.com/xioBRJV.png need to add IdRepo stats too btw :)
10:56 aldaris snmp?
10:56 asyd nop, jmxembedded. I create a small war to deploy in the same container as openam and send data to graphite
10:56 asyd I'll post on openam-users in a short moment
11:03 fatbloke joined #openam
12:49 aldaris joined #openam
12:59 fatbloke joined #openam
13:32 fatbloke joined #openam
13:52 aldaris joined #openam
14:00 awkwords joined #openam
14:18 aldaris joined #openam
14:31 aldaris joined #openam
15:51 em-dash joined #openam
16:00 fatbloke joined #openam
16:37 em-dash joined #openam
16:39 aldaris joined #openam
17:27 aldaris joined #openam
17:38 em-dash joined #openam
17:53 ramteid joined #openam
19:31 awkwords joined #openam
20:41 aldaris joined #openam
20:45 em-dash joined #openam
21:20 aldaris joined #openam
21:55 aldaris joined #openam
22:38 aldaris joined #openam