users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Social Media presence for Soteria

From: Werner Keil <werner.keil_at_gmail.com>
Date: Mon, 1 Feb 2016 12:23:36 +0100

You'd have to ask David or Alex (depending on who is more responsive right
now?;-) but I'd say, at the very least you could/should be an admin if
that's used by the organization or otherwise also made co-owner.
I have a similar role in JSR 354 (as I helped create it like David did
here), so that's not reserved to Spec Leads alone.

Werner

On Mon, Feb 1, 2016 at 12:19 PM, arjan tijms <arjan.tijms_at_gmail.com> wrote:

> Okay, cool, so if either of them could make me an owner too, OR create
> that soteria repo, then I can copy the code to there. After that the version can
> become edr1-alpha1 or something. We can then increase the alphaX versions
> until we do the actual EDR submission.
>
> On Mon, Feb 1, 2016 at 12:11 PM, Werner Keil <werner.keil_at_gmail.com>
> wrote:
>
>> Yes, according to GitHub only Alex and David are owners, so either of
>> them could add such repo;-)
>>
>> Kind Regards,
>> Werner
>>
>> On Mon, Feb 1, 2016 at 12:01 PM, arjan tijms <arjan.tijms_at_gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> On Mon, Feb 1, 2016 at 11:48 AM, Werner Keil <werner.keil_at_gmail.com>
>>> wrote:
>>>
>>>> P.s.: IMHO the "edr1" should not be part of the artifactId, it's
>>>> clearly a part of the version number.
>>>>
>>>
>>> I guess it is, but shouldn't soteria then not become its own top level
>>> repo? E.g. https://github.com/javaee-security-spec/soteria
>>>
>>> One of the reasons I went with edr1 in the artifact name for now (I
>>> know it's not ideal and should be changed) is that the version as set in
>>> Maven would best be aligned with the git tag, but if you do that now the
>>> entire https://github.com/javaee-security-spec/javaee-security-proposals
>>> repo would get that tag. The authentication/authorization etc folders are
>>> independent of that.
>>>
>>> Kind regards,
>>> Arjan Tijms
>>>
>>>> So maybe we could have 2 Maven modules under "soteria-proposal" or
>>>> similar and simply call them "javax.security-api:security-api" (in the
>>>> API project the artifactId also contains the "javax" part, not sure, if
>>>> other EE JSRs do that also on MavenCentral?) as well as "
>>>> net.java.jsr375:soteria" for now.
>>>>
>>>> Something like "EDR1" "B01" or similar should only be in the version
>>>> number.
>>>>
>>>> Thanks,
>>>> Werner
>>>>
>>>> On Mon, Feb 1, 2016 at 11:38 AM, Werner Keil <werner.keil_at_gmail.com>
>>>> wrote:
>>>>
>>>>> At least Reza is very eager blogging all the time, maybe he could help
>>>>> us with some of the things like updating RI list, etc.?;-)
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Werner
>>>>>
>>>>> On Mon, Feb 1, 2016 at 11:36 AM, Werner Keil <werner.keil_at_gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Sounds great, thanks.
>>>>>>
>>>>>> If anybody has enough rights in JIRA we could schedule these
>>>>>> accordingly and define at least "versions" for each of these EDR and other
>>>>>> steps.
>>>>>>
>>>>>> I noticed, the larger Glassfish community has also not been updated
>>>>>> for 3 years now (guess Oracle is not so interested in Glassfish now after
>>>>>> all? ;-|)
>>>>>> https://glassfish.java.net/rel-projects.html
>>>>>>
>>>>>> MVC and JSR 375 RIs should be listed there and if there is a CI
>>>>>> server instance for Glassfish or related projects, we should try to run
>>>>>> those on a CI build, too.
>>>>>>
>>>>>> Known public CI servers like Travis or Circle-CI would also work if
>>>>>> we had to do this on our own.
>>>>>>
>>>>>> Kind Regards,
>>>>>> Werner
>>>>>>
>>>>>> On Mon, Feb 1, 2016 at 12:43 AM, arjan tijms <arjan.tijms_at_gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> On Sun, Jan 31, 2016 at 8:28 PM, Werner Keil <werner.keil_at_gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Ideally we should keep API/Spec (it's simply Asciidoc like JSR 354)
>>>>>>>> and RI separate.
>>>>>>>> Snapshot repos are fine, we used JFrog OSS with JSRs 354 or 363 but
>>>>>>>> Sonatype is just as good (possibly easier to get it to MavenCentral then)
>>>>>>>>
>>>>>>>
>>>>>>> Indeed, we went specifically for that with Sonatype for OmniFaces.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> From a process point we have up to 1 year from the Renewal Ballot,
>>>>>>>> but of course it's always better to produce something earlier. Could always
>>>>>>>> do EDR2 or more similar to MVC and others.
>>>>>>>>
>>>>>>>
>>>>>>> Yeah, I think it's best we do something like that.
>>>>>>>
>>>>>>> EDR1 is then roughly;
>>>>>>>
>>>>>>> * Authentication Mechanism base API
>>>>>>> * Several implementations of authentication mechanisms
>>>>>>> * Two mechanism interceptors; auto session and remember me
>>>>>>> * Identity store base API
>>>>>>> * Several implementations of identity stores
>>>>>>> * Standard Principal for the caller (used by JSR 375 at least,
>>>>>>> standardising this for the entire platform will be a bigger task)
>>>>>>>
>>>>>>> For EDR2 to consider:
>>>>>>>
>>>>>>> * Multi authentication mechanism proposal from Darran
>>>>>>> * Multi identity store proposal from Rudy
>>>>>>> * Security context
>>>>>>> * Security interceptor proposal from Reza et al.
>>>>>>>
>>>>>>> For EDR3 to consider:
>>>>>>> * Mandating containers doing 1:1 role mapping (we can't really
>>>>>>> implement this using public APIs, but RI could do it using GlassFish
>>>>>>> specific code)
>>>>>>> * web.xml integration/alignment
>>>>>>>
>>>>>>> There's (much) more on the TODO list like events, password aliasing
>>>>>>> and more, but the above may be a guideline on how to proceed.
>>>>>>>
>>>>>>> Kind regards,
>>>>>>> Arjan Tijms
>>>>>>>
>>>>>>>>
>>>>>>>> Kind Regards,
>>>>>>>> Werner
>>>>>>>>
>>>>>>>> On Sun, Jan 31, 2016 at 5:47 PM, arjan tijms <arjan.tijms_at_gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Okay, so that remains an open question.
>>>>>>>>>
>>>>>>>>> Meanwhile I've done a quick snapshot upload here using our
>>>>>>>>> omnifaces groupId:
>>>>>>>>> https://oss.sonatype.org/content/repositories/snapshots/org/omnifaces/soteria-edr1/1.0-SNAPSHOT/
>>>>>>>>>
>>>>>>>>> I made some choices with regard to naming and organisation here.
>>>>>>>>>
>>>>>>>>> Both API and impl. are in the same Maven module, just as two
>>>>>>>>> different packages. MVC has the API as a separate artefact in a separate
>>>>>>>>> repo, with the implementation depending on that. JSF however has api and
>>>>>>>>> impl as two folders in one larger project. Once the API is a little bit
>>>>>>>>> more stable and we can more easily upload both artefacts under their own
>>>>>>>>> groupIds, we should do the separation I guess.
>>>>>>>>>
>>>>>>>>> I also named the artefact "soteria-edr1" for now. It could have
>>>>>>>>> been just soteria with "edr1" as the version number. For now I thought it
>>>>>>>>> was easier and clearer to have a separate edr1 folder, and then later have
>>>>>>>>> an edr2 etc, but we can change this of course. I just had to pick something
>>>>>>>>> for now.
>>>>>>>>>
>>>>>>>>> I'll test a little with the snapshot and can do a Maven central
>>>>>>>>> upload using the omnifaces groupId for the short term. This would make it
>>>>>>>>> easier for people to at least try out the code in their own test projects.
>>>>>>>>>
>>>>>>>>> Kind regards,
>>>>>>>>> Arjan
>>>>>>>>>
>>>>>>>>> On Sun, Jan 31, 2016 at 5:17 PM, Werner Keil <
>>>>>>>>> werner.keil_at_gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Not sure, who in the EG can do that, at least someone had to
>>>>>>>>>> request upload privileges to MavenCentral for a groupId like
>>>>>>>>>> org.glassfish.soteria and of course for javax.security.* too, otherwise it
>>>>>>>>>> won't build ;-)
>>>>>>>>>>
>>>>>>>>>> Werner
>>>>>>>>>>
>>>>>>>>>> On Sat, Jan 30, 2016 at 12:49 AM, arjan tijms <
>>>>>>>>>> arjan.tijms_at_gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi,
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Jan 29, 2016 at 6:31 PM, Werner Keil <
>>>>>>>>>>> werner.keil_at_gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> So along the lines of MVC it should be
>>>>>>>>>>>> package org.glassfish.soteria;
>>>>>>>>>>>> then ;-)
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I just did the initial commit for the work in progress EDR1:
>>>>>>>>>>> https://github.com/javaee-security-spec/javaee-security-proposals/commit/e482ba6580072ad82413a80c40e7d3112b83119a
>>>>>>>>>>>
>>>>>>>>>>> The implementation package is org.glassfish.soteria ;)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>> Please in the proposals repo try to use the license header
>>>>>>>>>>>> plugin.
>>>>>>>>>>>> Looking at e.g. JAX-RS, the header spans across multiple years
>>>>>>>>>>>> for some JSRs (probably will be for MVC if they do something again)
>>>>>>>>>>>> Copyright (c) 2010-2015 Oracle and/or its affiliates. All
>>>>>>>>>>>> rights reserved.
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> I had already copied the header manually to the API files, but
>>>>>>>>>>> I'll try the license plug-in header next.
>>>>>>>>>>>
>>>>>>>>>>> For promotion it would be cool if we can publish the work in
>>>>>>>>>>> progress EDR1 jar to Maven central so people can more easily try it out.
>>>>>>>>>>>
>>>>>>>>>>> Kind regards,
>>>>>>>>>>> Arjan Tijms
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Right now the license plugin as of last year only uses the
>>>>>>>>>>>> inception year (from the POM) but "currentYear" is also available. If you
>>>>>>>>>>>> want I can run the license reformatting at any time when things are changed.
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Kind Regards,
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Werner
>>>>>>>>>>>>
>>>>>>>>>>>> On Fri, Jan 29, 2016 at 6:18 PM, arjan tijms <
>>>>>>>>>>>> arjan.tijms_at_gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Great :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'll do the package renaming tonight or tomorrow at the latest
>>>>>>>>>>>>> and commit the whole to the proposals repo.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Kind regards,
>>>>>>>>>>>>> Arjan Tijms
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Fri, Jan 29, 2016 at 9:08 AM, Rudy De Busscher <
>>>>>>>>>>>>> rdebusscher_at_gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> All,
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> I created the Twitter account @Soteria_RI to promote the RI
>>>>>>>>>>>>>> and evangelise Java EE Security in general.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> best regards
>>>>>>>>>>>>>> Rudy