locked
Using live ID for mobile with HealthVault SDK RRS feed

  • Question

  • Is there a way to HealthVault SDK authentication mechanism to use LiveId for Mobile (https://mid.live.com/si/login.aspx) .
    We are building a mobile Interface (for mobile web browser) with HealthVault and authenticating with the regulare live ID could not be consider....
    Thursday, July 2, 2009 2:06 PM

Answers

  • It is definitely under consideration, but we haven't announced a specific date when that will be available.  It's a great suggestion, however.  Improving the mobile experience is definitely on our list of priorities.
    • Marked as answer by Bert124 Thursday, July 2, 2009 6:11 PM
    Thursday, July 2, 2009 6:09 PM

All replies

  • This feature is not available currently.   But I am sure it is something being considered to being available in future. I have no idea on any time lines and am sure some one from MSFT would respond to provide more insight

    Raj
    Raj HealthVault Developer Tool http://xray.getrealconsulting.com
    Thursday, July 2, 2009 2:51 PM
  • [updated/edited #2 to be more clear about security and private key concerns]

    Currently, there are two ways to auth for apps on a mobile platform:

     1. For web applications and mobile devices with a web browser that supports it, the normal HealthVault and LiveID process should work fine.

     2. For mobile devices whose browser doesn't work with the Live ID sign in process, or mobile applications that use a non-web based interface, the user has to authorize an Offline HealthVault connection via a computer web browser prior to using the mobile application.  You can set up a web portal, direct users to sign in and authorize your app for offline access, and then they can download or use the mobile application; the mobile app can leverage the offline access granted via the full web app earlier.  However, the mobile app shouldn't make the offline connection directly, as that would require your app's private key be distributed along with your application... which is a security issue.  What other HV partners have done so far is to create their own web service to act as an offline connection proxy.  The mobile application calls the web service, which has the private key safe on the server, and their web service then can make offline connections directly to HealthVault.  In all of this, it's critical that the mobile applicaiton and communication be secure, and that you safely identify users properly (via username/password, etc), as you are effectively hiding and removing most of the usual HealthVault/LiveID security and taking on that responsibility yourself via the additional layers of abstraction.
    Thursday, July 2, 2009 5:56 PM
  • For option1, It would be good to let a mobile web browser to autheticate trought Mobile Live ID. Is this something you are considering?
    Thursday, July 2, 2009 6:00 PM
  • It is definitely under consideration, but we haven't announced a specific date when that will be available.  It's a great suggestion, however.  Improving the mobile experience is definitely on our list of priorities.
    • Marked as answer by Bert124 Thursday, July 2, 2009 6:11 PM
    Thursday, July 2, 2009 6:09 PM