Update on v3.0, official status, and LDS Tech Preso

82 views
Skip to first unread message

AJ ONeal (Home)

unread,
Oct 28, 2015, 9:12:11 PM10/28/15
to lds...@googlegroups.com

Official Status

The bad news is that management at ICS has been shuffling around and some of the people that were championing support for LDS I/O have been moved to other departments.

The good news is that those changes will be finishing up over the next 2 weeks and there will be another meeting to discuss LDS I/O about 2 weeks after that.

Other good news is that we were able to present at the LDS Tech Conference and made contact with more high-level people, so we have a few other avenues to follow.

How you can help

If you have a connection to Elder Bednar or Elder Oaks and would like to help us get a meeting, please reach out. Those are the brethren that when all is said and done are actually over ICS and can side-step bureaucracy and make stuff happen.

Version 3.0

I've started working on v3.0 of LDS I/O. Here are the key differences:

Session Credentials

In v2.0 session credentials were already being kept under tight lock and key. I was storing the encrypted username and password on a separate password with part of the key stored on a device and part of the key being sent back in a token. The token was being used to lookup stored session data. That's backwards of what I should have been doing. I'm changing the token system so that the encrypted credentials will be sent back to the browser or device as refresh tokens (for user/pass) and access tokens (for session data).

Decentralized / Distributed

Instead of having only our own server run the authentication software, we'll allow developers set up individual instances and have our server available for dynamic registration and key serving. Since we don't want to store data on disk and the lds.org servers are often overloaded or down for maintenance this means that everything can be stored in memory across many instances according to locality.

Hosted Apps

We want to enforce the most strict browser security policies available to ensure that we put any possibility of security issues out in the realm of theoretical mathematics. To enable this, we'll require registered apps to be hosted statically on a server that supports these policies (such as the one we're making available for local install).

KC Erb

unread,
Nov 8, 2015, 5:59:19 PM11/8/15
to LDS I/O
Sounds good AJ. I don't know anyone at a level of church authority higher than my stake president so I'll wait anxiously for 3.0

Keep up the good work, we're all counting on your perseverance!

John Shaw

unread,
Nov 8, 2015, 9:41:37 PM11/8/15
to LDS I/O
I'm glad that you're all hopeful.
Reply all
Reply to author
Forward
0 new messages