jsr366-experts@javaee-spec.java.net

[jsr366-experts] Re: [javaee-spec users] Re: Re: Java EE Security API and the Web Profile

From: Linda DeMichiel <linda.demichiel_at_oracle.com>
Date: Wed, 19 Apr 2017 11:41:21 -0700

The Servlet Container Profile of JASPIC need only be required.
Section EE.9.3 of the Platform spec spells out the rules, as does
Chapter 3 of the JASPIC spec.

However, if a Web Profile product supports additional functionality
that is addressed by JASPIC spec, then the corresponding JASPIC
requirements would need to be supported. For example, if a Web
Profile product supports web service endpoints, then the SOAP profile
of the JASPIC spec would need to be supported.


On 4/19/17, 5:22 AM, Kevin Sutter wrote:
> Hi Arjan,
> Thanks for the clarification. But, will Linda indicate that only the
> Servlet Container Profile of jaspic will be required for Web Profile?
> I'm not so worried about whether Liberty supports a given set of
> jaspic features. Just in general, I didn't think it was a good idea to
> require all of jaspic in the Web Profile. If we can limit the
> documented support to just the Servlet Container Profile of jaspic, then
> I would probably be okay. I was just looking for clarification of how
> much of jaspic would be required. Linda?


>
> ---------------------------------------------------
> Kevin Sutter
> STSM, Java EE and Java Persistence API (JPA) architect
> e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
> phone: tl-553-3620 (office), 507-253-3620 (office)
> LinkedIn: https://www.linkedin.com/in/kevinwsutter
>
>
>
> From: arjan tijms <arjan.tijms_at_gmail.com>
> To: users <users_at_javaee-spec.java.net>
> Date: 04/19/2017 11:55 AM
> Subject: [javaee-spec users] Re: [jsr366-experts] Re: Java EE Security
> API and the Web Profile
> ------------------------------------------------------------------------
>
>
>
> Hi Kevin,
>
> The proposed "jaspic lite" is simply the already defined Servlet
> Container Profile of jaspic, which is described in chapter 3 of the
> JASPIC 1.1 spec.
>
> Liberty supports this well enough (the JSR 375 RI runs on Liberty).
>
> Kind regards,
> Arjan Tijms
>
>
>
>
> On Wed, Apr 19, 2017 at 5:05 AM, Kevin Sutter <_sutter_at_us.ibm.com_
> <mailto:sutter_at_us.ibm.com>> wrote:
> -1 on this move without further clarification... Arjan has proposed
> that maybe we need a "jaspic lite" similar to "ejb lite" to allow for a
> subset of jaspic to be required in web profile. If we could clarify
> this first then I might go along with including security 1.0 and jaspic
> lite in web profile. But, without that clarification, I don't agree
> with including jaspic in web profile (and thus security 1.0). Thanks.
>
> ---------------------------------------------------
> Kevin Sutter
> STSM, Java EE and Java Persistence API (JPA) architect
> e-mail: _sutter_at_us.ibm.com_ <mailto:sutter_at_us.ibm.com> Twitter:
> @kwsutter
> phone: tl-553-3620 (office), _507-253-3620_ <tel:(507)%20253-3620>(office)
> LinkedIn: _https://www.linkedin.com/in/kevinwsutter_
>
>
>
> From: Linda DeMichiel <_linda.demichiel_at_oracle.com_
> <mailto:linda.demichiel_at_oracle.com>>
> To: _jsr366-experts_at_javaee-spec.java.net_
> <mailto:jsr366-experts_at_javaee-spec.java.net>
> Date: 04/18/2017 06:47 AM
> Subject: [javaee-spec users] [jsr366-experts] Java EE Security API and
> the Web Profile
> ------------------------------------------------------------------------
>
>
>
>
> An update as to where we are with this discussion.....
>
> So far, there has been overwhelming support among the users list
> participants for including the Java EE Security API in the
> Web Profile.
>
> As of today, however, the Java EE Security API depends on JASPIC,
> which we would therefore also need to include in the Web Profile,
> which has raised some concerns.
>
> In the absence of any further feedback from members of the Platform
> Expert Group, we plan to include both the Java EE Security API
> and JASPIC in the Web Profile.
>
> Please let us know asap if you object.
>
> thanks,
>
> -Linda
>
>
>
>
>
>
>