users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: [javaee-security-proposals] add a proposal for a SecurityBindingType (#6)

From: Alex Kosowski <alex.kosowski_at_oracle.com>
Date: Wed, 25 Mar 2015 10:58:40 -0400

> @dblevins <https://github.com/dblevins> Should we perhaps already
> start thinking about organization of this repo? A first level
> "authentication" and "authorization" perhaps? Then authentication
> organized in "mechanism" and "store" (even though we don't have a
> final term for that last one yet).
Sounds like these would be the expected, reasonable security categories,
certainly reasonable for a repo.

Alex



On 3/25/15 8:34 AM, Arjan Tijms wrote:
>
> Just wondering how to categorize this example.
>
> It's an authorization example it seems, but is this an example of a
> CDI based "@RolesAllowed" (as proposed in
> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-23), or is this
> closer to the "@EvaluateSecured" (as proposed in
> https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-7 see also
> https://github.com/javaee-security-spec/javaee-security-proposals/tree/master/el-authorization)?
>
> @dblevins <https://github.com/dblevins> Should we perhaps already
> start thinking about organization of this repo? A first level
> "authentication" and "authorization" perhaps? Then authentication
> organized in "mechanism" and "store" (even though we don't have a
> final term for that last one yet).
>
> At least make people a bit aware of what they are exactly demoing, and
> how it fits into the grand scheme of things? Maybe Rudy's mindmap and
> my diagram can be of help here too.