[javaee-spec users] [jsr342-experts] Re: spec changes for new security manager requirements

From: Werner Keil <>
Date: Fri, 11 May 2012 01:00:08 +0200

The timing may be different, but it seems in the interest of not just
users, if that technology once available can be used by servers or apps on
top of EE7 rather than having to wait an entire generation for 8.

While we have not discussed the API for it in such detail, it sounds
natural using SecurityManager, the platform provides to control this kind
of access. Even if some of it may have to be extended for the needs of 351,
and some of its main targets like Social Media or the Cloud.
Am 11.05.2012 00:45 schrieb "Bill Shannon" <>:

> I haven't been tracking JSR 351, and we don't currently plan to include
> it in EE 7, so I don't know if the requirements you refer to would be part
> of that spec or some future version of the platform spec.
> Werner Keil wrote on 05/10/2012 03:28 PM:
> Bill/all,
> Thanks a lot for the update.
> I'm glad, Ron is involved, so where access to identity providers and
> attributes so far discussed by the JSR 351 EG needs to be restricted or
> controlled, I assume there's going to be additional requirements for that,
> too.
> Regards,
> Werner
> Am 10.05.2012 23:43 schrieb "Bill Shannon" <>:
>> Larry McCay, Ron Monzillo, and I have drafted updates to the platform
>> spec to describe the new security manager requirements we've previously
>> agreed on. It turned out to be surprisingly difficult to write these
>> requirements in a way that captures some of the subtlety involved.
>> Please review these updated spec sections carefully and ask questions
>> if you're not sure exactly what the requirements are.
>> The proposed spec updates are here, and will be folded into the draft
>> spec soon (obviously the numbering and such will be fixed at that point):
>> Thanks.