jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: Welcome to the JSR 375 EE Security API Expert Group!

From: Darran Lofthouse <darran.lofthouse_at_redhat.com>
Date: Fri, 20 Mar 2015 17:38:30 +0000

Thank you Alex, just getting all the repos checked out now.

On 20/03/15 17:26, Alex Kosowski wrote:
> Hi Darran,
>
> Welcome!
>
> We are in the brainstorming stage of the JSR.
>
> * The mailing list has had some interesting discussions
> * Our JIRA: https://java.net/jira/browse/JAVAEE_SECURITY_SPEC
> * Our playground Github:
> https://github.com/javaee-security-spec/javaee-security-proposals
> * Our shared Google Group folder:
> https://drive.google.com/drive/#folders/0B6fBL__7IToLaXRyRnUzTXJPeEk
> * Our JCP page: https://jcp.org/en/jsr/detail?id=375
> * Our project page: https://java.net/projects/javaee-security-spec
>
> Please let us know if you are having trouble accessing anything. The EG
> should have edit rights to all these resources.
>
>
> Thanks,
> Alex
>
>
> On 3/20/15 1:07 PM, Darran Lofthouse wrote:
>> Hello all,
>>
>> Apologies for the delay replying, had some time off work and been
>> extremely busy since returning.
>>
>> My name is Darran Lofthouse, I am a software engineer at Red Hat. I
>> first started using JBoss back in the J2EE 1.3 days as a developer
>> deploying applications to JBoss, I subsequently joined JBoss before
>> the Red Hat acquisition and spent 5 years in the support team
>> providing 3rd line support to various JBoss AS and EAP releases.
>> About 4 years ago I transitioned over to the engineering team
>> developing the JBoss AS7 application server and subsequently WildFly.
>>
>> Currently I am the lead engineer for the WildFly Elytron project which
>> is a project currently working to update and unify the security
>> solution in-place across the application server - hence my interest in
>> this group.
>>
>> Within WildFly we have a strong preference towards using stronger
>> authentication mechanisms for client / server interaction whether that
>> be over HTTP or our own native protocols, this throws up a whole host
>> of issues which we are working through in the Elytron project, some of
>> the more notable ones include identity switching and identity
>> propagation so hopefully we have a lot to offer here.
>>
>> I look forward to working with you all.
>>
>> Regards,
>> Darran Lofthouse.
>>
>> On 05/03/15 04:26, Alex Kosowski wrote:
>>> Hi Experts,
>>>
>>> Welcome to the EE Security API (JSR 375) expert group!
>>>
>>> Thanks again for offering to participate. The expert group includes
>>> experts from seven companies and includes individuals. The current
>>> members are:
>>>
>>> Adam Bien
>>> David Blevins (Tomitribe)
>>> Rudy De Busscher
>>> Ivar Grimstad
>>> Les Hazlewood (Stormpath, Inc.)
>>> Will Hopkins (Oracle)
>>> Werner Keil
>>> Matt Konda (Jemurai)
>>> Darran Lofthouse (RedHat)
>>> Jean-Louis Monteiro (Tomitribe)
>>> Pedro Igor Silva (RedHat)
>>> Arjan Tijms (ZEEF)
>>> [pending participant from IBM]
>>>
>>> I am Alex, the spec lead from Oracle.
>>>
>>> The current members of the expert group and their contact information
>>> are listed on the expert group home page at jcp.org,
>>> "https://jcp.org/en/eg/view?id=375". We still have one pending
>>> participant from IBM, and I expect they will monitor the user's mailing
>>> list while the JCP processes the nomination.
>>>
>>> I expect most discussions will be ongoing using this Expert Group
>>> mailing list, and (automatically) CCed to the user's mailing list. If
>>> practical, I would also like to have occasional Web Conferences. I will
>>> have an introductory web conference soon. Timezone wise, we are
>>> currently spread from California to Western Europe, so perhaps meeting
>>> at Noon (12 PM) US Eastern Standard Time may be a good compromise.
>>>
>>> We will generally decide on issues by consensus of the Expert Group.
>>> However, should polling be needed, each JCP member will get one vote. So
>>> JCP members on the Expert Group with multiple representatives would
>>> still only get one vote.
>>>
>>> =====
>>>
>>> Okay, now that we got that admin stuff out of the way...
>>>
>>> The Java EE Security API needs a lot of work from an application
>>> developer's perspective. JSR 375 is proposing to improve EE security API
>>> portability and simplicity, and to modernize it.
>>>
>>> Here are some proposed improvements to consider...
>>>
>>> Portability:
>>> - User Management
>>> - Password Aliasing
>>> - Role Mapping
>>>
>>> Simplicity:
>>> - Add conveniences to simplify authentication, e.g. JASPIC
>>>
>>> Modernization:
>>> - Authentication CDI Events
>>> - Authorization CDI Events
>>> - Authorization CDI Interceptors
>>> - EL Authorization Rules
>>>
>>>
>>> The original proposal is available here:
>>> "https://jcp.org/en/jsr/detail?id=375#orig".
>>>
>>>
>>> I would like to start our discussions with: standardizing an API for
>>> User Management. This would allow an application to
>>> add/update/remove/query users in a repository within the scope of an
>>> application. Since the focus here is simplicity, let's consider an API
>>> similar to PicketLink or Shiro. However, something like JSR 351 Java
>>> Identity API may be too complex for the typical application developer.
>>> What do you think? Let's discuss!
>>>
>>> =====
>>>
>>> Finally, so that I know that the expert group mailing list on java.net
>>> is working correctly, would you please reply to the mailing list?
>>> Briefly introduce yourself to the group and let us know in which
>>> particular areas of this JSR you yourself are most interested in
>>> contributing.
>>>
>>> I am looking forward to working with all of you!
>>>
>>> Thanks,
>>> Alex
>>>
>>

-- 
Darran Lofthouse - Principal Software Engineer
Registered in England and Wales under Company Registration No. 03798903
Directors: Michael Cunningham (US), Charles Peters (US), Matt Parson
(US), Michael O'Neill (Ireland)