Hi,
On Fri, Dec 12, 2014 at 12:34 AM, Bill Shannon <bill.shannon_at_oracle.com> wrote:
> I think we'll need to get further along in the security JSR work to determine
> whether changes are needed in JASPIC or JACC.
I agree, it's early days for that.
> We know there's lots of changes
> we *could* make there, but give that our resources will be focused on other
> things we're only going to make the changes there that we absolutely need to.
A number of things that IMHO would simplify the use of security within
Java EE are related to JASPIC, but could well be done outside JASPIC
(as they would build on the SPI/API provided by it).
I do hope that those "other things" will indeed simplify matters and
address the most common reoccurring problems with security in Java EE,
but this is probably not the list to discuss the details of that ;)
Kind regards,
Arjan