[javaee-spec users] [jsr366-experts] Re: Java EE Security API and the Web Profile

From: Kevin Sutter <>
Date: Wed, 19 Apr 2017 11:05:33 +0800

-1 on this move without further clarification... Arjan has proposed that
maybe we need a "jaspic lite" similar to "ejb lite" to allow for a subset
of jaspic to be required in web profile. If we could clarify this first
then I might go along with including security 1.0 and jaspic lite in web
profile. But, without that clarification, I don't agree with including
jaspic in web profile (and thus security 1.0). Thanks.

Kevin Sutter
STSM, Java EE and Java Persistence API (JPA) architect
e-mail: Twitter: @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)

From: Linda DeMichiel <>
Date: 04/18/2017 06:47 AM
Subject: [javaee-spec users] [jsr366-experts] Java EE Security API
and the Web Profile

An update as to where we are with this discussion.....

So far, there has been overwhelming support among the users list
participants for including the Java EE Security API in the
Web Profile.

As of today, however, the Java EE Security API depends on JASPIC,
which we would therefore also need to include in the Web Profile,
which has raised some concerns.

In the absence of any further feedback from members of the Platform
Expert Group, we plan to include both the Java EE Security API
and JASPIC in the Web Profile.

Please let us know asap if you object.