This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP JOTP Project"
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...") |
|||
| Line 6: | Line 6: | ||
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
| − | ==OWASP | + | ==OWASP JOTP== |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | OWASP JOTP is a lightweight web application, implemented in Java as a small set of RESTful services, that can be used to generate, validate, and automatically expire one-time use password tokens. This tool could be useful in scenarios that require multi-factor authentication, but do not allow for more expensive / complex solutions that require physical tokens (magnetic id cards, RSA hard tokens, etc). Tokens generated may be sent either via email or SMS text message to end users. | ||
==Description== | ==Description== | ||
| − | + | A common use case for jOTP is as follows: | |
| + | 1. Client web application displays login page to user. | ||
| + | 2. User enters username, password, and cell phone number. | ||
| + | 3. Client application makes a call to jOTP, which subsequently generates a token and sends it to the user's cell phone. | ||
| + | 4. The user receives the token, and enters it on the login page. | ||
| + | 5. The client application contacts jOTP to validate the token. If the token was valid, along with the username/password (validated separately), the user is logged in. | ||
| + | ==Licensing== | ||
| − | + | TDB | |
| − | |||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
| − | == What is | + | == What is JOTP? == |
| − | OWASP | + | OWASP JOTP provides: |
* xxx | * xxx | ||
| Line 44: | Line 43: | ||
== Project Leader == | == Project Leader == | ||
| − | + | Robert Upcraft | |
== Related Projects == | == Related Projects == | ||
| − | + | ||
| Line 61: | Line 60: | ||
== Email List == | == Email List == | ||
| − | + | [https://lists.owasp.org/mailman/listinfo/owasp_jotp_project OWASP JOTP Mailing List] | |
== News and Events == | == News and Events == | ||
| Line 67: | Line 66: | ||
* [30 Sep 2013] News 1 | * [30 Sep 2013] News 1 | ||
| − | |||
| − | |||
| − | |||
| Line 100: | Line 96: | ||
= Acknowledgements = | = Acknowledgements = | ||
==Volunteers== | ==Volunteers== | ||
| − | + | OWASP JOTP is developed by a worldwide team of volunteers. The primary contributors to date have been: | |
* xxx | * xxx | ||
| Line 110: | Line 106: | ||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
| − | As of | + | As of April 2014, the priorities are: |
| − | + | ||
| − | + | Development work for jOTP is largely complete as of now. Because I plan on keeping it lightweight and focused on this use case, I don't plan to extend the feature set significantly. Most future work will include bug fixes, and additional customization options developed on an as-needed basis. | |
| − | |||
| − | Involvement in the development and promotion of | + | Involvement in the development and promotion of OWASP JOTP is actively encouraged! |
You do not have to be a security expert in order to contribute. | You do not have to be a security expert in order to contribute. | ||
| + | |||
Some of the ways you can help: | Some of the ways you can help: | ||
* xxx | * xxx | ||
* xxx | * xxx | ||
| − | + | ||
| − | |||
| − | |||
| − | |||
| − | |||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] | [[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] | ||
Revision as of 21:32, 8 April 2014
OWASP JOTPOWASP JOTP is a lightweight web application, implemented in Java as a small set of RESTful services, that can be used to generate, validate, and automatically expire one-time use password tokens. This tool could be useful in scenarios that require multi-factor authentication, but do not allow for more expensive / complex solutions that require physical tokens (magnetic id cards, RSA hard tokens, etc). Tokens generated may be sent either via email or SMS text message to end users. DescriptionA common use case for jOTP is as follows: 1. Client web application displays login page to user. 2. User enters username, password, and cell phone number. 3. Client application makes a call to jOTP, which subsequently generates a token and sends it to the user's cell phone. 4. The user receives the token, and enters it on the login page. 5. The client application contacts jOTP to validate the token. If the token was valid, along with the username/password (validated separately), the user is logged in. LicensingTDB
|
What is JOTP?OWASP JOTP provides:
PresentationLink to presentation
Project LeaderRobert Upcraft
Related Projects |
Quick Download
Email ListNews and Events
Classifications
| ||||||||
- Q1
- A1
- Q2
- A2
Volunteers
OWASP JOTP is developed by a worldwide team of volunteers. The primary contributors to date have been:
- xxx
- xxx
Others
- xxx
- xxx
As of April 2014, the priorities are:
Development work for jOTP is largely complete as of now. Because I plan on keeping it lightweight and focused on this use case, I don't plan to extend the feature set significantly. Most future work will include bug fixes, and additional customization options developed on an as-needed basis.
Involvement in the development and promotion of OWASP JOTP is actively encouraged! You do not have to be a security expert in order to contribute.
Some of the ways you can help:
- xxx
- xxx
