Updated README and file names

README.md

@@ -8,13 +8,13 @@ Follow the activities below as the semester progresses.
 ## Weekly breakdown of the semester project:
 - [A: Brainstorming and Setup](descriptions/005_brainstorm_setup.md)
 - [B: Basic File Store API](descriptions/010_filestore_api.md)
-- [C: Relational Databases and API Testing](descriptions/020_db_testing.md)
+- [C: Relational Databases and Testing](descriptions/020_db_testing.md)
 - [D: Database Hardening](descriptions/030_db_hardening.md)
 - [E: Secure User Accounts](descriptions/040_secure_accounts.md)
-- [F: Deployed API + Interface Client](descriptions/050_interface_client.md)
-- [G: Token Based Authentication](descriptions/060_token_authentication.md)
-- [H: Form Validation and SSL Enforcement](descriptions/070_validation_ssl.md)
-- [I: Token Based Authorization](descriptions/080_token_authorization.md)
+- [F: Client Interface and Sessions](descriptions/050_interface_sessions.md)
+- [G: Secure Session and Registration](descriptions/055_secure_sessions.md)
+- [H: Token Based Authorization](descriptions/060_token_authorization.md)
+- [I: Policies and Validation](descriptions/070_policies_validation_ssl.md)
 - [J: OAuth Protocol and Single-Table Inheritance](descriptions/090_oauth_protocol.md)
-- [K: Signed Apps and XSS Prevention](descriptions/100_distributed_security.md)
+- [K: Signed Clients and XSS Prevention](descriptions/100_distributed_security.md)
 - [L: Final Presentations](descriptions/110_final_presentation.md)

descriptions/020_db_testing.md

@@ -1,4 +1,4 @@
-## Database and Testing
+## Relational Databases and Testing
 
 We will start addressing some of the security issues we found by adding a database to our application and writing tests for it. You can refer to the [`1_db_testing` branch of the demo code we saw in class](https://github.com/ISS-Security/configshare-api/tree/1_db_testing).
 

descriptions/050_interface_client.md → descriptions/050_interface_sessions.md

@@ -1,4 +1,4 @@
-# Interface and Sessions
+# Client Interface and Sessions
 
 This week are building up our interface as a web client application. We are interested in seeing if we can get users to login for now! Take a look at the latest code at:
   - [Deployed API](https://github.com/ISS-Security/configshare-api/tree/4_authenticate_accounts)

descriptions/055_secure_sessions.md

@@ -1,4 +1,4 @@
-# Secure Sessions
+# Secure Sessions and Registration
 
 This week we will secure the storage of session state across our system and on the client machine.
 See the latest version of our demo code:

descriptions/070_policies_validation.md

@@ -1,4 +1,4 @@
-# Validated Form Input and Enforce SSL
+# Policies and Validation
 
 This week we will create centralized resource policies, and validate user input coming from web forms. See the latest version of our demo project:
 - [Web API: auth_policy](https://github.com/ISS-Security/configshare-api/tree/6_auth_policy)

descriptions/090_oauth_protocol.md

@@ -31,5 +31,5 @@ This week we will implement single sign-on (SSO) to allow users to login using t
   - Choose from the options we saw in class of how to distribute these tasks between your App and your API
     - ~~option 1: App handles everything and asks API to find/create Github account~~
     - option 2: App completes authorization and sends access_token to API, API uses access_token to retrieve user data from Github
-    - option 3: API handles everything and returns Github account to App
+    - option 3: App starts process until callback, then hands code to API; API uses code to retrieve access_token and get user data
   - Make sure at the end that your API stores a new `SsoAccount` if one does not exist for an SSO login