jsr375-experts@javaee-security-spec.java.net

[jsr375-experts] Re: Upcoming Renewal Ballot

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Tue, 22 Nov 2016 10:38:16 +0100

Hi,

On Tue, Nov 22, 2016 at 12:44 AM, Werner Keil <werner.keil_at_gmail.com> wrote:

> While OpenID Connect offers to add some optional metadata, a concept of
> roles seems undefined right now, so we may not require it for certain use
> cases, but others would certainly benefit from it.
> JAX-RS has its own SecurityContext
> https://jax-rs-spec.java.net/nonav/2.0/apidocs/javax/ws/rs/core/SecurityContext.html
>

Indeed, so as per the JIRA issue the first and foremost goal of the
SecurityContext is essentially a cross-spec version of the JAX-RS
SecurityContext.

Basically if it has the isCallerInRole and getCallerPrincipal methods, it's
95% there.

Those two methods are now found in more or less identical versions in 4
different specs.

Kind regards,
Arjan Tijms



> Looking at Spring Security the SecurityContext interface there is somewhat
> closer to the one in JSR 375 but it also has a getter for an Authentication
> object.
> In https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-12 this could be
> getCallerPrincipal(), getAuthMethod() or similar but they do not currently
> exist in SecurityContext.
>
> Kind Regards,
> Werner
>
>
> On Mon, Nov 21, 2016 at 11:07 PM, Will Hopkins <will.hopkins_at_oracle.com>
> wrote:
>
>> Experts,
>>
>> While I've received some input for the spec from Arjan (thanks!), and
>> there may be some coming from Werner as well, I haven't been able to put
>> the terminology section in place, and the content we have so far is, I
>> think, too thin to release as an EDR.
>>
>> I therefore propose we move forward with the renewal ballot, indicating
>> that the EDR is taking shape and expected to be released soon, and that the
>> expert group is active and involved in producing the EDR, as well as the
>> API and an associated RI. It's my understanding that there is unlikely to
>> be a problem getting the renewal ballot approved.
>>
>> What say you all?
>>
>> Will
>>
>> --
>> Will Hopkins | Platform Security Architect | +1.781.442.0310
>> Oracle Cloud Application Foundation
>> 35 Network Drive, Burlington, MA 01803
>>
>>