[javaee-spec users] [jsr342-experts] Re: password aliasing proposal

From: Bill Shannon <>
Date: Mon, 30 Jan 2012 16:06:52 -0800

Werner Keil wrote on 01/30/12 15:31:
> Looks good.
> It seems similar to resource filtering done by common build systems like Maven
> or Ant.
> Where is the actual value taken from, or would that be left to each implementation?

The actual value of the password could be stored in some product-specific
location, or it could be provided with the application in some sort of
secure storage facility, e.g., a PKCS#12 keystore file. If there's support
for the general approach, we'll provide more details on the latter (see
the open issues at the end of the paper).