Store log in from WebDM
Loïc Minier
loic.minier at ubuntu.com
Fri Apr 10 23:28:13 UTC 2015
Yup, but at least we will only request the master Ubuntu password when
connected to the real Ubuntu website rather than passing it to the device
unencrypted; only the allowed token is then passed to the device. Maybe
that token can only access the store, or it can be revoked, but it feel
less of a danger than passing the actual password?
On Fri, Apr 10, 2015 at 3:01 PM, Martin Albisetti <
martin.albisetti at canonical.com> wrote:
> On Fri, Apr 10, 2015 at 9:13 AM, Loïc Minier <loic.minier at ubuntu.com>
> wrote:
> > Can't we use oauth to auth against the regular Ubuntu SSO site, and
> deliver
> > a token to the router? That way, you only type your Ubuntu credentials
> > against the SSO website (using SSL). (I feel I'm missing something
> obvious)
>
> How would that work?
> The user is in a browser remote from the device, with an unencrypted
> connection to it.
> There has to be some coordination between the browser (user) and the
> device, one way or another. Whatever that coordination is, it'll be
> interceptable.
>
>
> --
> Martin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150411/1d37a032/attachment.html>
More information about the snappy-devel
mailing list