users@javaee-security-spec.java.net

[javaee-security-spec users] [jsr375-experts] Re: Agenda for EG Meeting, 2017/04/07

From: Werner Keil <werner.keil_at_gmail.com>
Date: Sat, 8 Apr 2017 13:44:23 +0200

Rudy/all,

Thanks for the update. So I was not the only one where Wifi had a bad day;-/
Hope this isn't an effect of 8pm+ when people start streaming, at least all
other weekdays I saw no such problem.

Are there minutes available to see?

For the next call unless it was covered while I was not connected, could we
discuss SecurityContext, especially the 2
hasAccessToWebResource methods?
IMO I am not sure, if the word "Web" is necessary or adds value, given
Mobile, Embedded, etc. may have different types of resources than
traditional "websites" or pages.

Kind Regards,


Werner


On Sat, Apr 8, 2017 at 10:39 AM, Rudy De Busscher <rdebusscher_at_gmail.com>
wrote:

> Hi Arjan,
>
> The meeting was ended shortly after your connection broke up.
>
> The question was to use also CredentialValidationResult with this method
> of IdentityStore
>
> *List<String> getGroupsByCallerPrincipal(CallerPrincipal callerPrincipal)*
>
> In order to add additional information to it so that the IdentityStore has
> more information about the Caller which was authenticated so that it can
> retrieve the groups of the *correct person*
>
> best regards
>
> Rudy
>
>
>
>
> On 7 April 2017 at 22:29, arjan tijms <arjan.tijms_at_gmail.com> wrote:
>
>> Hi,
>>
>> I just lost the connection totally too, but probably because it was
>> automatically ended by the time limit set.
>>
>> Oh well, good things were discussed. Perhaps we should have had those
>> meetings on a regular basis some time ago, but what's done is done.
>>
>> Last point of discussion was the CredentialValidationResult that should
>> be passed around, but actually this already is. Or maybe I understood the
>> question not correctly.
>>
>> But if you look at the handler, then the main loop is this:
>>
>> CredentialValidationResult validationResult = null;
>>
>> // Check stores to authenticate until one succeeds.
>> for (IdentityStore authenticationIdentityStore :
>> authenticationIdentityStores) {
>> validationResult = authenticationIdentityStore.va
>> lidate(credential);
>> if (validationResult.getStatus() == VALID) {
>> break;
>> }
>> }
>>
>>
>> This makes its decision based on CredentialValidationResult above
>> anything else. But again, maybe I understood incorrectly.
>>
>> Kind regards,
>> Arjan Tijms
>>
>>
>>
>>
>>
>>
>> On Fri, Apr 7, 2017 at 10:05 PM, Werner Keil <werner.keil_at_gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Looks like I totally lost the connection, Wifi keeps breaking down. I
>>> might try again, otherwise hope next week it will be more stable... So far
>>> it was OK here.
>>>
>>> Werner
>>>
>>> On Fri, Apr 7, 2017 at 8:21 PM, Werner Keil <werner.keil_at_gmail.com>
>>> wrote:
>>>
>>>> Hi Sorry to be late, where is the Zoom URL?
>>>>
>>>> Werner Keil | JCP Executive Committee Member, JSR 363 Maintenance Lead
>>>> | Eclipse UOMo Lead, Babel Language Champion | Apache Committer
>>>>
>>>> Twitter @wernerkeil | @UnitAPI | @JSR354 | @AgoravaProj | @TamayaConf |
>>>> @OpenDDR | #EclipseUOMo
>>>> Skype werner.keil <http://gplus.to/wernerkeil>
>>>>
>>>>
>>>>
>>>> On Fri, Apr 7, 2017 at 7:40 PM, Will Hopkins <will.hopkins_at_oracle.com>
>>>> wrote:
>>>>
>>>>> Agenda:
>>>>>
>>>>> -- JavaOne talks (Werner):
>>>>> -- I think this is a good idea. Willing to present myself, or with
>>>>> others from the EG. Having a single session makes sense to me, don't know
>>>>> what sort would be best -- maybe BOF? Not sure whether Oracle has a
>>>>> separate internal CFP with different deadlines, looking into it now.
>>>>>
>>>>> -- Glassfish security guide (Werner):
>>>>> -- I believe the Oracle doc team will update this with relevant
>>>>> information.
>>>>>
>>>>> -- Build issues (Arjan):
>>>>> -- pushing out the api artefact to bintray
>>>>> -- pushing milestones (also) to maven central
>>>>> -- testing the builds
>>>>>
>>>>> -- Spec/API issues (Arjan):
>>>>> -- checking the source (specifically api) adjusting where needed
>>>>> -- (will) need to review RI too, for functionality not in API
>>>>> -- any new features still? Events, @Authorized, ... ?
>>>>>
>>>>> -- Process (Will):
>>>>> -- Very little time left in the schedule, need to work efficiently
>>>>> -- Regular meetings (same time each week)?
>>>>> -- GitHub issues vs. JIRA?
>>>>> -- Process/tools for doc review?
>>>>>
>>>>> -- Doc Review (Will):
>>>>> -- Walk through EDR1 draft addressing open issues
>>>>>
>>>>> -- Other Business?
>>>>>
>>>>> --
>>>>> Will Hopkins | WebLogic Security Architect | +1.781.442.0310 <+1%20781-442-0310>
>>>>> Oracle Application Development
>>>>> 35 Network Drive, Burlington, MA 01803
>>>>>
>>>>>
>>>>
>>>
>>
>