users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Text for Renewal Ballot

From: Werner Keil <werner.keil_at_gmail.com>
Date: Wed, 23 Nov 2016 20:57:49 +0100

It is a formal part of EC meetings or calls. If a Spec Lead was close
enough (e.g. in the UK or Europe) it may be on site, but otherwise that's
usually done via conf call. Dmitry did so before JavaOne because he was not
in San Francisco then.

Alex also did, either in person (because he was at DevoXX UK) or by phone
in the first half of 2015. As he's available to help the EG, could you ask
him about it, too?

The venue is London again, but unless you were based in Europe/Britain, the
EC normally does not expect every Spec Lead to join in person;-)

Werner


On Wed, Nov 23, 2016 at 8:37 PM, Will Hopkins <will.hopkins_at_oracle.com>
wrote:

> I'm open to doing a Spec Lead Report, but being new to the Spec Lead role,
> I'm not familiar with those -- is it a formal thing Spec Leads do, an
> informal thing that's convenient due to the EC F2F? What's the venue?
>
>
> On 11/23/2016 01:59 PM, Werner Keil wrote:
>
> Will,
>
> Looks good, thanks. Although at least 2 new EC members (Tomitribe, Ivar)
> are also in this EG, maybe around the January EDR timeline you could also
> schedule a Spec Lead Report for the EC F2F in London on Jan 10/11, do you
> think that's possible?
>
> I read, Oracle just bought Dyn. (which was responsible for a major
> internet blackout after it got hacked through insecure IoT devices) While
> this company or future Oracle subsidiary probably won't benefit as much
> from JSR 375 and similar security efforts, IoT devices and services in the
> cloud could especially if they run Java, so I am pretty confident, the
> Renewal Ballot should pass again;-)
>
> Regards,
> Werner
>
>
> On Wed, Nov 23, 2016 at 7:29 PM, Will Hopkins <will.hopkins_at_oracle.com>
> wrote:
>
>> Dear Experts,
>>
>> Just wanted to let you know what text I plan to submit for the upcoming
>> renewal ballot. Thanks for all your energy, enthusiasm, and work in helping
>> put together the spec; once we get past the renewal ballot I think it'll
>> come together pretty quickly.
>>
>> Here is the text:
>>
>> "The JSR-375 Expert Group, after a period of relative inactivity, has a
>> new Spec Lead, and has resumed its work to define a core set of security
>> APIs and functions for Java EE.
>>
>> The EG is active and engaged. An Early Draft Release specification is
>> taking shape, and, while there are still deliberations going on, we expect
>> to publish an EDR by January 2017. API code is also taking shape, as is a
>> Reference Implementation.
>>
>> Recent talks by EG members and others, at JavaOne and other developer
>> conferences, have publicized the EG's work, and laid out a roadmap for Java
>> EE security that includes JSR 375 as a foundation in EE 8, with additional
>> capabilities, including OAuth/OpenID Connect support, planned for a
>> follow-on JSR. The roadmap has been generally well-received.
>>
>> Additional talks are scheduled, including my talk, "What's New in Java EE
>> Security: JSR-375 and Beyond", which has been accepted for Devoxx US 2017.
>>
>> The EG believes that JSR 375 should be completed, that it is important to
>> the future of Java EE, and that it enjoys broad community support. We ask
>> you to approve the renewal ballot.
>>
>> Will Hopkins
>> Spec Lead, JSR 375"
>>
>> Note that this is only intended to provide a snapshot of current thinking
>> and demonstrate activity/progress, so the EC members have something to base
>> their vote on. It doesn't lock us into, e.g., doing OAuth as a follow-on
>> JSR.
>>
>> I plan to submit this to the JCP later today.
>>
>> Regards,
>>
>> Will
>>
>> --
>> Will Hopkins | Platform Security Architect | +1.781.442.0310
>> Oracle Cloud Application Foundation
>> 35 Network Drive, Burlington, MA 01803
>>
>>
>
> --
> Will Hopkins | Platform Security Architect | +1.781.442.0310
> Oracle Cloud Application Foundation
> 35 Network Drive, Burlington, MA 01803
>
>