From: Adam Bien <abien_at_adam-bien.com>
Date: Fri, 12 Jun 2015 15:48:13 +0200

+1 for 1.



> On 12 Jun 2015, at 14:22, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>
> Hi,
>
> We're again a few weeks later, so let's now really close the vote. As a reminder for the future; it's probably better to establish how long the vote will be open from the beginning. Letting the vote be opened indefinitely, waiting until everyone has voted is perhaps in hindsight not the best idea ;)
>
> But...
>
> We've established two working terms:
>
> 1. Identity Store
> 2. Authentication Mechanism
>
> If nobody objects I'll provisionally close issue 1 (https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1), to show we've made some progress.
>
> If nobody objects either I'll go rename some terms in the existing issues and perhaps code examples in the Git repo to comply with these terms.
>
> Kind regards,
> Arjan Tijms
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>> On Wed, May 27, 2015 at 12:39 AM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>> Hi,
>>
>>> On Wed, May 27, 2015 at 12:04 AM, Alex Kosowski <alex.kosowski_at_oracle.com> wrote:
>>> My vote is for "Authentication Mechanism".
>>
>> Okay, the race is on ;)
>>
>> Terms so far:
>>
>> * auth-method (Servlet)
>> * authentication method (Resin term 1)
>> * authentication mechanism (Undertow)
>> * authenticator (Tomcat)
>> * login manager (Resin term 2)
>> * login (Resin term 3)
>>
>> 9 out of 14 voted:
>>
>> Arjan Tijms - authentication mechanism
>> Adam: auth-method (because in web.xml + servlet)
>> Darran Lofthouse - authentication mechanism
>> Pedro Igor - authentication mechanism
>> Rudy De Busscher - authentication mechanism (slightly favored) /
>> authentication method
>> Werner Keil - authentication method
>> Ivar Grimstad - auth-method / authentication method
>> Ajay Reddy - Authentication method
>> Alex Kosowski - Authentication Mechanism
>>
>>
>> Organized per term:
>>
>> authentication mechanism - 5
>> authentication method - 4
>> auth-method - 2
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>>>
>>> Thanks,
>>> Alex
>>>
>>>
>>>> On 5/20/15 11:13 AM, arjan tijms wrote:
>>>> p.s.
>>>>
>>>> I just noticed that the Servlet spec is in fact using both terms as well.
>>>>
>>>> This is most evident in (emphasis mine)
>>>>
>>>> 13.6:
>>>>
>>>> Authentication
>>>>
>>>> A web client can authenticate a user to a web server using one of the following
>>>> *mechanisms*:
>>>>
>>>> * HTTP Basic Authentication
>>>> * HTTP Digest Authentication
>>>> * HTTPS Client Authentication
>>>> * Form Based Authentication
>>>>
>>>>
>>>> 13.6.5:
>>>>
>>>> Additional Container Authentication *Mechanisms*
>>>>
>>>> Servlet containers should provide public interfaces that may be used to integrate and
>>>> configure additional HTTP message layer *authentication mechanisms* for use by the
>>>> container on behalf of deployed applications.
>>>>
>>>> And in 14.4:
>>>>
>>>> The login-config is used to configure the *authentication method* that should
>>>> be used, the realm name that should be used for this application, and the
>>>> attributes that are needed by the form login *mechanism*. The sub-element auth-
>>>> method configures the *authentication mechanism* for the Web application.
>>>>
>>>> In fact, despite the web.xml element being called "auth-method", the spec actually seems to have more references to "authentication mechanism" than it has to "authentication method" or "auth-method" (although search in PDF is not 100% accurate).
>>>>
>>>> Maybe it's an issue that should be raised with the Servlet spec as well.
>>>>
>>>> Kind regards,
>>>> Arjan Tijms
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Wed, May 20, 2015 at 3:09 PM, Ajay Reddy <areddy_at_us.ibm.com> wrote:
>>>>> I use both these terms when discussing authentication, but I think I use Method more than Mechanism :-) - so my vote is for Authentication Method.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Ajay Reddy
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> <mime-attachment.gif>Werner Keil ---05/20/2015 07:24:01 AM---Actually if there are more out of the 14 eligable who might still cast their vote now, could I pleas
>>>>>
>>>>> From: Werner Keil <werner.keil_at_gmail.com>
>>>>> To: "jsr375-experts_at_javaee-security-spec.java.net" <jsr375-experts_at_javaee-security-spec.java.net>
>>>>> Date: 05/20/2015 07:24 AM
>>>>> Subject: [javaee-security-spec users] [jsr375-experts] Re: 1-TerminologyAuthInteractionVsStore ACTION: cast vote
>>>>>
>>>>>
>>>>>
>>>>> Actually if there are more out of the 14 eligable who might still cast their vote now, could I please
>>>>> -1 "authentication mechanism"? to give "authentication method" a fair chance?;-)
>>>>> It was my 2nd choice anyway.
>>>>>
>>>>> Thanks,
>>>>> Werner
>>>>>
>>>>> On Wed, May 20, 2015 at 2:19 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>>>>> Hi,
>>>>>
>>>>> On Wed, May 20, 2015 at 2:04 PM, Ivar Grimstad wrote:
>>>>> I think I will go for auth-method for the same reasons as Adam mentioned, but authentication method sounds just as fine.
>>>>>
>>>>> Great, that now gives us:
>>>>>
>>>>> Terms so far:
>>>>>
>>>>> * auth-method
>>>>> * authentication method (Resin term 1)
>>>>> * authentication mechanism (Undertow)
>>>>> * authenticator (Tomcat)
>>>>> * login manager (Resin term 2)
>>>>> * login (Resin term 3)
>>>>>
>>>>> 7 out of 14 voted:
>>>>>
>>>>> Arjan Tijms - authentication mechanism
>>>>> Adam: auth-method (because in web.xml + servlet)
>>>>> Darran Lofthouse - authentication mechanism
>>>>> Pedro Igor - authentication mechanism
>>>>> Rudy De Busscher - authentication mechanism (slightly favored) /
>>>>> authentication method
>>>>> Werner Keil - authentication mechanism /
>>>>> authentication method (slightly favored)
>>>>> Ivar Grimstad - auth-method / authentication method
>>>>>
>>>>>
>>>>> Organized per term:
>>>>>
>>>>> authentication mechanism - 5
>>>>> authentication method - 3
>>>>> auth-method - 2
>>>>>
>>>>> Kind regards,
>>>>> Arjan Tijms
>