users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: JavaOne, EDR & possible Hackergarten about JSR 375

From: Alex Kosowski <alex.kosowski_at_oracle.com>
Date: Wed, 14 Oct 2015 21:08:35 -0400

Hi,

The JCP will likely be putting JSR 375 up for a renewal ballot after
JavaOne. I think some other EE 8 specs are similarly up for renewal. I
have not been informed regarding what we need to provide, but as long as
our EG is reasonably active I think we will be fine.

Regarding the JCP EC F2F (i.e. Java Community Process Executive
Committee Face To Face), I have been given a slide template and I have
been filling it out. The focus of the review is more on how the EG is
following the process regarding transparency and participation
obligations, than on the technical details. I do not think a demo is needed.

Regarding the EDR, my understanding is that the EDR is a snapshot of our
progress. Of course, the more progress the better, and we can release
multiple EDRs. The currently published JSR-375 EDR date is Q4 2015, so I
see this as sometime in December.

For EDR, I would like to at least touch upon as many of the Epics as
possible:

  * API for Identity Store
  * API for Authentication Mechanism
  * API for Password Aliasing
  * API for Role/Permission Assignment
  * API for Security Context
  * API for Authorization Interceptors

I think Identity Store is well defined, with some open issues.

As for trying some of the proposals in the Hackergarten, I am not quite
sure what you mean. There are some interfaces and samples in the repo,
but not a lot of working code. I will probably be digging into the
proposals during the BOF.

JSR 375 will get some exposure:

  * Presented at the JCP EC F2F
  * Presented at a dedicated conference session
  * Presented at a dedicated BOF
  * Presented in slides on EE 8 at the Oracle Demo booth
  * Represented in various EE 8 platform sessions

It would be nice to have something to demo. I guess I could demo a
JASPIC SAM using the CDI based Identity Store. Any ideas?

With regards,
Alex

On 10/14/15 5:15 AM, Werner Keil wrote:
> Hi,
>
> Sounds like a plan. Many JSRs like 362 (just filed it this week) go
> for multiple EDRs nowadays to follow a more "Agile" iterative approach.
> If Alex was able to announce or already initiate EDR proposal to the
> PMO, maybe it could even avert a renewal ballot (as mentioned, the
> list is fairly long, and e.g. JAX-RS was recently notified they had to
> expect one pretty soon due to the deadline;-)
>
> Kind Regards,
> Werner
>
> On Wed, Oct 14, 2015 at 11:03 AM, arjan tijms <arjan.tijms_at_gmail.com
> <mailto:arjan.tijms_at_gmail.com>> wrote:
>
> Hi,
>
> On Wed, Oct 14, 2015 at 10:03 AM, Werner Keil
> <werner.keil_at_gmail.com <mailto:werner.keil_at_gmail.com>> wrote:
> > Dear Experts,
> >
> > Given the JSR was approved last December, it may just be a matter
> of time,
> > till we face a Renewal Ballot, since the official deadlines are
> pretty much
> > 9 months to produce EDR 1.
>
> What do you guys think; the current (or slightly revised) identity
> store proposal that Alex wrote could easily function as a base for the
> EDR, couldn't it? Add a chapter for the terminology that we've
> established, and perhaps add one of the diagrams that were mailed to
> the list earlier, and then start the next major chapter with the
> identity store proposal.
>
> I don't know the exact process to submit the EDR, but iff the above
> would be enough, then maybe end of this week can be a target for
> submitting this?
>
> Kind regards,
> Arjan Tijms
>
>
>
>
>
> >
> > Patrick recently said, Oracle led JSRs are not "more equal" when
> it comes to
> > that, so it is likely the EC will have such ballots on its plate
> (not just
> > for 375 btw.;-)
> >
> > The open, community-driven momentum with the "proposals" repository
> >
> https://github.com/javaee-security-spec/javaee-security-proposals
> sounds
> > like a great opportunity to try some of them at Hackergarten
> during JavaOne.
> >
> > If Alex is already in SF, I trust he arranged a F2F Spec Lead
> demo to the EC
> > as well. Certainly a good chance to give them an idea what's
> happening
> > beyond my brief overview in London. And to give them sufficient
> information
> > if a Renewal Ballot was up in the next few weeks or months.
> >
> > WDYT?,
> > Werner
>
>