Hello all,

Apologies for the delay replying, had some time off work and been
extremely busy since returning.

My name is Darran Lofthouse, I am a software engineer at Red Hat. I
first started using JBoss back in the J2EE 1.3 days as a developer
deploying applications to JBoss. I subsequently joined JBoss before the
Red Hat acquisition and spent 5 years in the support team providing 3rd
line support to various JBoss AS and EAP releases. About 4 years ago I
transitioned over to the engineering team developing the JBoss AS7
application server and subsequently WildFly.

Currently I am the lead engineer for the WildFly Elytron project which
is a project currently working to update and unify the security solution
in place across the application server - hence my interest in this group.

Within WildFly we have a strong preference towards using stronger
authentication mechanisms for client / server interaction whether that
be over HTTP or our own native protocols. This throws up a whole host of
issues which we are working through in the Elytron project, some of the
more notable ones include identity switching and identity propagation so
hopefully we have a lot to offer here.

I look forward to working with you all.

Regards,
Darran Lofthouse.

On 05/03/15 04:26, Alex Kosowski wrote:
> Hi Experts,
>
> Welcome to the EE Security API (JSR 375) expert group!
>
> Thanks again for offering to participate. The expert group includes
> experts from seven companies and includes individuals. The current
> members are:
>
> Adam Bien
> David Blevins (Tomitribe)
> Rudy De Busscher
> Ivar Grimstad
> Les Hazlewood (Stormpath, Inc.)
> Will Hopkins (Oracle)
> Werner Keil
> Matt Konda (Jemurai)
> Darran Lofthouse (RedHat)
> Jean-Louis Monteiro (Tomitribe)
> Pedro Igor Silva (RedHat)
> Arjan Tijms (ZEEF)
> [pending participant from IBM]
>
> I am Alex, the spec lead from Oracle.
>
> The current members of the expert group and their contact information
> are listed on the expert group home page at jcp.org,
> "https://jcp.org/en/eg/view?id=375". We still have one pending
> participant from IBM, and I expect they will monitor the user's mailing
> list while the JCP processes the nomination.
>
> I expect most discussions will be ongoing using this Expert Group
> mailing list, and (automatically) CCed to the user's mailing list. If
> practical, I would also like to have occasional Web Conferences. I will
> have an introductory web conference soon. Timezone wise, we are
> currently spread from California to Western Europe, so perhaps meeting
> at Noon (12 PM) US Eastern Standard Time may be a good compromise.
>
> We will generally decide on issues by consensus of the Expert Group.
> However, should polling be needed, each JCP member will get one vote. So
> JCP members on the Expert Group with multiple representatives would
> still only get one vote.
>
> =====
>
> Okay, now that we got that admin stuff out of the way...
>
> The Java EE Security API needs a lot of work from an application
> developer's perspective. JSR 375 is proposing to improve EE security API
> portability and simplicity, and to modernize it.
>
> Here are some proposed improvements to consider...
>
> Portability:
> - User Management
> - Password Aliasing
> - Role Mapping
>
> Simplicity:
> - Add conveniences to simplify authentication, e.g. JASPIC
>
> Modernization:
> - Authentication CDI Events
> - Authorization CDI Events
> - Authorization CDI Interceptors
> - EL Authorization Rules
>
>
> The original proposal is available here:
> "https://jcp.org/en/jsr/detail?id=375#orig".
>
>
> I would like to start our discussions with: standardizing an API for
> User Management. This would allow an application to
> add/update/remove/query users in a repository within the scope of an
> application. Since the focus here is simplicity, let's consider an API
> similar to PicketLink or Shiro. However, something like JSR 351 Java
> Identity API may be too complex for the typical application developer.
> What do you think? Let's discuss!
>
> =====
>
> Finally, so that I know that the expert group mailing list on java.net
> is working correctly, would you please reply to the mailing list?
> Briefly introduce yourself to the group and let us know in which
> particular areas of this JSR you yourself are most interested in
> contributing.
>
> I am looking forward to working with all of you!
>
> Thanks,
> Alex
>
--
Darran Lofthouse - Principal Software Engineer