users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Devoxx BE feedback

From: Rudy De Busscher <rdebusscher_at_gmail.com>
Date: Mon, 16 Nov 2015 19:51:18 +0100

@All,

Just want to add one additional thing.

There was a question about adding 'metadata' of the logged in user (like
department, affiliate, ...) so that it can be used to determine if the
user/caller is allowed to execute the specified action.

Hope to meet some more experts another time. :)

Best regards
Rudy


On 16 November 2015 at 15:53, Jean-Louis Monteiro <jlmonteiro_at_tomitribe.com>
wrote:

> Hi everyone,
>
> Was last week at Devoxx BE. Got to meet Rudy from the expert group which
> is nice.
> The talk itself went great. Did reuse some of the materials already done
> previously.
>
> Good participation during regular polls when I was talking.
> Surprisingly no question during the Q/R which made me feel bad.
>
> But right after the applause, about 10 people jumped on stage to discuss
> and congratulate me which made me feel a bit better.
> Wasn't my best talk at all, but looks like at least some people found it
> interesting.
>
> Some feedback
>
> - rather use user than caller for the consistency question
>
> - CDI must be in the landscape - @Transactional used as a comparison of
> the thing to do. Antoine also opened the doors to collaborate.
>
> - Events - people overall really liked the event approach to either
> collect information about the authN/authZ process, or also to authenticate
> as we proposed in the playground.
>
> - Websocket - please do not forget it. What about HTTP/2 also.
>
> - Multi-tenancy - targeting the cloud is a great decision but
> multi-tenancy must be addressed.
>
> Hope this helps our discussions.
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>