Hi,
On Fri, Jul 22, 2016 at 4:38 PM, Werner Keil <werner.keil_at_gmail.com> wrote:
> Hopefully the announcement around critical aspects for the Cloud like
> Security means that some goals of JSR 375 are also appreciated and further
> supported by Oracle. Either as Spec Lead or a more active EG member than it
> was in the past few months.
>
Indeed. One of the original goals of JSR 375 was to make Java EE security
more suitable for cloud environments, specifically by allowing security to
be completely configured / defined by the application, while still not
cutting off configuration options at the server level.
> I don't know who actually has commit rights or can add things, but
> eventually this could also be an interesting case for the Microprofile
> repo. However, JSR 375 and Security aspects in general seem to big for the
> "minimal" profile, so let's see how that fleshes out before discussing
> other profiles for it.
>
A fully featured security framework with tons of advanced options may be
too big indeed. But, a minimal amount of code just to set the authenticated
identity in a simple way is IMHO absolutely not too big. I'm thinking about
pretty much only the bare AuthenticationMechanism interface and the
IdentityStore interface then.
For almost every web service I've build it was always necessary to set the
authenticated identity.
It's also not functionality that isn't present in the servers powering the
micro profile, but it's just about doing what those servers already do but
in a standard way. But yeah, let's see how things play out.
> Btw. I copied the Google Groups list, since despite all of Oracle's
> positive signals, there is no indication that java.net gets a lifeline
> beyond April, so we don't know what's going to happen to the
> "javaee-security-spec" project on java.net or the mailing list.
>
Given that there's indeed no such indication, it sounds like a good idea to
start cc'ing to Google groups.
Kind regards,
Arjan Tijms
>
> Kind Regards,
> Werner
>
>
>
> On Fri, Jul 22, 2016 at 4:11 PM, arjan tijms <arjan.tijms_at_gmail.com>
> wrote:
>
>> Hi,
>>
>> For those who haven't seen it yet, here's some feedback from a user
>> actually trying Soteria:
>>
>> https://github.com/javaee-security-spec/soteria/issues/9
>>
>> There's quite an amount of interesting feedback there, and some issues
>> are brought to the surface that I think we should try to solve.
>>
>> Would also be great if more of the EG members actually tried to use
>> Soteria for an actual (example) application, as there's typically quite an
>> amount of things you encounter then.
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Java EE Security API - JSR 375 - Experts" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsr375-experts+unsubscribe_at_googlegroups.com.
> To post to this group, send email to jsr375-experts_at_googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/jsr375-experts/CAAGawe3%3D1ur4HCWGg8SgLUW4o09nN1EMh0OjWGb7ZAQZqE%3DW8g%40mail.gmail.com
> <https://groups.google.com/d/msgid/jsr375-experts/CAAGawe3%3D1ur4HCWGg8SgLUW4o09nN1EMh0OjWGb7ZAQZqE%3DW8g%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>