Attestation.jar Heroku based validation service

[jot2re]

Currently the the crypto-verify service is based on Authenticator. However, attestation.jar is the primarily reference implementation of the construction and validation of cryptographic aspects. In particular since it is throughly tested with negative tests and since it is the implementation that receives security updates first, it makes sense to use this as the remote verification service.

[SmartLayer]

I agree but what is this with Heroku? Clarify, did @oleggrib already set up the service using Heroku?

[jot2re]

Currently not all security verifications are implemented in the Authenticator. Furthermore, it is not as extensively negatively tested as attestation.jar. So I think we either need to use attestation.jar as the backend verification or we need to make sure all security fixes are up-to-date (in accordance with attestation.jar) on Authenticator.