users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Start putting together

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Tue, 14 Apr 2015 12:30:02 +0200

Hi,

On Tue, Apr 14, 2015 at 11:18 AM, Jean-Louis Monteiro
<jlmonteiro_at_tomitribe.com> wrote:
> As discussed with Alex last week in Paris, I'd like to start seeing some
> pieces put together into a single doc.
>
> Long mails (60 replies) with quotes and quotes from quotes and replies, with
> sometimes nested discussions make it difficult to participate and follow.
>
> With the time frame, we will have to make some choices and be focused. We
> don't want, for example, to add anything we are not sure of and that would
> restrict us for next versions.

Definitely. Some principally good things have floated by, like the
security inflow from other places than web (JCA, EJB, ...), identity
propagation and federation, identity attributes, dynamic roles per
realm, etc. While they are all very cool topics, I'm almost certain
that's way too much and complicated for the current release.

But as you said, please let's keep in mind that for Java EE Security
1.1 or 2.0 we may wanna revisit those topics.

For now I'd say that even if we only got those "identity stores" and
"group to role (to permission) mapping" specified well and a
simplification for the "authentication mechanism" in place, and have
that all working based on/together with CDI, then we'd have already added *a
lot* of value to Java EE.


> We probably want something simple and to start making the existing usable in
> order to get users involved and provide us with more feedback.

+1. I think the scope document Alex posted a while ago is a very good
start. Examples and issues can be linked to that overall structure
then.

Kind regards,
Arjan Tijms



>
> Anyway, we were thinking about starting to create an asciidoc document in
> github so that it's versioned and we can all edit in parallel. As it's text
> only, it's very easy to merge.
>
> Wdyt?
>
> Jean Louis