Sunday, June 28, 2015

How client authentication works


When you download elemcam, you can start recording right away without ever being prompted to make an account or enter a password. I am not going to go into the technical details of how to set up this entire process, but here are the steps elemcam takes to make your experience simple and secure.


  1. Elemcam has digital signatures on file with Google, allowing intrinsic trust between the application user and elemcam. This trust exists simply to establish the identity of the user using the application.
  2. With this trust, elemcam's native Android application can request an OAuth token from Google without the annoying prompt to authorize access to basic information.
  3. The OAuth token is sent with every request elemcam's native Android application makes to the server. This is typically a multi-part POST to save a video to the server.
  4. Before any action is taken on the server, whether that's saving or serving a video, the token is verified to be signed by Google and to have been issued for elemcam and for the user in question.

With every interaction verified to be deliberate and to come from a particular user, there is no need for separate accounts and passwords, or for all the headaches and security vulnerabilities that come with them.
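
The server-side checks in step 4, as an added example that is not elemcam's own code. It assumes the token is a Google-signed ID token in JWT form (RS256); the names `verify_token`, `keys`, `audience` and `user_id` are hypothetical.

```python
import base64, hashlib, json, time

# Assumption: the token is a Google-signed ID token in JWT form (RS256).
GOOGLE_ISSUERS = ("accounts.google.com", "https://accounts.google.com")
# DigestInfo prefix for SHA-256 in PKCS#1 v1.5 signatures (RFC 8017, 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(seg):
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def rs256_ok(signed, sig, n, e):
    """RSASSA-PKCS1-v1_5 / SHA-256 check against the public key (n, e)."""
    k = (n.bit_length() + 7) // 8
    pad = k - len(SHA256_PREFIX) - 32 - 3
    if len(sig) != k or pad < 8:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    digest = hashlib.sha256(signed).digest()
    return em == b"\x00\x01" + b"\xff" * pad + b"\x00" + SHA256_PREFIX + digest

def verify_token(token, keys, audience, user_id, now=None):
    """Return the claims if every check passes, else raise ValueError."""
    # keys maps key id -> (n, e); in production, Google's published signing keys.
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header, claims, sig = json.loads(b64url(h)), json.loads(b64url(p)), b64url(s)
        alg, kid = header["alg"], header.get("kid")
        iss, aud = claims.get("iss"), claims.get("aud")
        sub, exp = claims.get("sub"), claims.get("exp")
    except Exception:
        raise ValueError("malformed token")
    if alg != "RS256":                      # never accept "none" or HMAC here
        raise ValueError("unexpected algorithm")
    key = keys.get(kid) if isinstance(kid, str) else None
    if key is None or not rs256_ok(f"{h}.{p}".encode(), sig, *key):
        raise ValueError("signature not from a trusted key")
    if iss not in GOOGLE_ISSUERS:
        raise ValueError("wrong issuer")
    if aud != audience:                     # token was minted for another app
        raise ValueError("wrong audience")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    if sub != user_id:                      # token belongs to another user
        raise ValueError("wrong user")
    return claims
```

The signature check comes before any claim is trusted, and the audience and subject checks are what stop a valid Google token issued for a different app or a different user from being replayed against the server.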
