users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Re: 1-TerminologyAuthInteractionVsStore DONE! provisionally closed

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Fri, 12 Jun 2015 14:22:27 +0200

Hi,

We're again a few weeks later, so let's now really close the vote. As a
reminder for the future; it's probably better to establish how long the
vote will be open from the beginning. Letting the vote be opened
indefinitely, waiting until everyone has voted is perhaps in hindsight not
the best idea ;)

But...

We've established two working terms:

1. Identity Store
2. Authentication Mechanism

If nobody objects I'll provisionally close issue 1 (
https://java.net/jira/browse/JAVAEE_SECURITY_SPEC-1), to show we've made
some progress.

If nobody objects either I'll go rename some terms in the existing issues
and perhaps code examples in the Git repo to comply with these terms.

Kind regards,
Arjan Tijms


















On Wed, May 27, 2015 at 12:39 AM, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> Hi,
>
> On Wed, May 27, 2015 at 12:04 AM, Alex Kosowski <alex.kosowski_at_oracle.com>
> wrote:
>
>> My vote is for "Authentication Mechanism".
>>
>
> Okay, the race is on ;)
>
> Terms so far:
>
> * auth-method (Servlet)
> * authentication method (Resin term 1)
> * authentication mechanism (Undertow)
> * authenticator (Tomcat)
> * login manager (Resin term 2)
> * login (Resin term 3)
>
> 9 out of 14 voted:
>
> Arjan Tijms - authentication mechanism
> Adam: auth-method (because in web.xml + servlet)
> Darran Lofthouse - authentication mechanism
> Pedro Igor - authentication mechanism
> Rudy De Busscher - authentication mechanism (slightly favored) /
> authentication method
> Werner Keil - authentication method
> Ivar Grimstad - auth-method / authentication method
> Ajay Reddy - Authentication method
> Alex Kosowski - Authentication Mechanism
>
>
> Organized per term:
>
> authentication mechanism - 5
> authentication method - 4
> auth-method - 2
>
> Kind regards,
> Arjan Tijms
>
>
>
>
>>
>> Thanks,
>> Alex
>>
>>
>> On 5/20/15 11:13 AM, arjan tijms wrote:
>>
>> p.s.
>>
>> I just noticed that the Servlet spec is in fact using both terms as
>> well.
>>
>> This is most evident in (emphasis mine)
>>
>> 13.6:
>>
>> Authentication
>>
>> A web client can authenticate a user to a web server using one of the
>> following
>> *mechanisms*:
>>
>> * HTTP Basic Authentication
>> * HTTP Digest Authentication
>> * HTTPS Client Authentication
>> * Form Based Authentication
>>
>>
>> 13.6.5:
>>
>> Additional Container Authentication *Mechanisms*
>>
>> Servlet containers should provide public interfaces that may be used to
>> integrate and
>> configure additional HTTP message layer *authentication mechanisms* for
>> use by the
>> container on behalf of deployed applications.
>>
>> And in 14.4:
>>
>> The login-config is used to configure the *authentication method* that
>> should
>> be used, the realm name that should be used for this application, and the
>> attributes that are needed by the form login *mechanism*. The sub-element
>> auth-
>> method configures the *authentication mechanism* for the Web application.
>>
>> In fact, despite the web.xml element being called "auth-method", the
>> spec actually seems to have more references to "authentication mechanism"
>> than it has to "authentication method" or "auth-method" (although search in
>> PDF is not 100% accurate).
>>
>> Maybe it's an issue that should be raised with the Servlet spec as well.
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>>
>>
>> On Wed, May 20, 2015 at 3:09 PM, Ajay Reddy <areddy_at_us.ibm.com> wrote:
>>
>>> I use both these terms when discussing authentication, but I think I
>>> use Method more than Mechanism :-) - so my vote is for Authentication
>>> Method.
>>>
>>>
>>> Regards,
>>> Ajay Reddy
>>>
>>>
>>>
>>>
>>> [image: Inactive hide details for Werner Keil ---05/20/2015 07:24:01
>>> AM---Actually if there are more out of the 14 eligable who might s]Werner
>>> Keil ---05/20/2015 07:24:01 AM---Actually if there are more out of the 14
>>> eligable who might still cast their vote now, could I pleas
>>>
>>> From: Werner Keil <werner.keil_at_gmail.com>
>>> To: "jsr375-experts_at_javaee-security-spec.java.net" <
>>> jsr375-experts_at_javaee-security-spec.java.net>
>>> Date: 05/20/2015 07:24 AM
>>> Subject: [javaee-security-spec users] [jsr375-experts] Re:
>>> 1-TerminologyAuthInteractionVsStore ACTION: cast vote
>>> ------------------------------
>>>
>>>
>>>
>>> Actually if there are more out of the 14 eligable who might still cast
>>> their vote now, could I please
>>> -1 "authentication mechanism"? to give "authentication method" a fair
>>> chance?;-)
>>> It was my 2nd choice anyway.
>>>
>>> Thanks,
>>> Werner
>>>
>>> On Wed, May 20, 2015 at 2:19 PM, arjan tijms <*arjan.tijms_at_gmail.com*
>>> <arjan.tijms_at_gmail.com>> wrote:
>>>
>>> Hi,
>>>
>>> On Wed, May 20, 2015 at 2:04 PM, Ivar Grimstad wrote:
>>> I think I will go for auth-method for the same reasons as Adam
>>> mentioned, but authentication method sounds just as fine.
>>>
>>> Great, that now gives us:
>>>
>>> Terms so far:
>>>
>>> * auth-method
>>> * authentication method (Resin term 1)
>>> * authentication mechanism (Undertow)
>>> * authenticator (Tomcat)
>>> * login manager (Resin term 2)
>>> * login (Resin term 3)
>>>
>>> 7 out of 14 voted:
>>>
>>> Arjan Tijms - authentication mechanism
>>> Adam: auth-method (because in web.xml + servlet)
>>> Darran Lofthouse - authentication mechanism
>>> Pedro Igor - authentication mechanism
>>> Rudy De Busscher - authentication mechanism (slightly favored) /
>>> authentication method
>>> Werner Keil - authentication mechanism /
>>> authentication method (slightly favored)
>>> Ivar Grimstad - auth-method / authentication method
>>>
>>>
>>> Organized per term:
>>>
>>> authentication mechanism - 5
>>> authentication method - 3
>>> auth-method - 2
>>>
>>> Kind regards,
>>> Arjan Tijms
>>>
>>>
>>>
>>
>




picture
(image/gif attachment: 01-part)