Hi Kevin,
The proposed "jaspic lite" is simply the already defined Servlet Container
Profile of jaspic, which is described in chapter 3 of the JASPIC 1.1 spec.
Liberty supports this well enough (the JSR 375 RI runs on Liberty).
Kind regards,
Arjan Tijms
On Wed, Apr 19, 2017 at 5:05 AM, Kevin Sutter <sutter_at_us.ibm.com> wrote:
> -1 on this move without further clarification... Arjan has proposed that
> maybe we need a "jaspic lite" similar to "ejb lite" to allow for a subset
> of jaspic to be required in web profile. If we could clarify this first
> then I might go along with including security 1.0 and jaspic lite in web
> profile. But, without that clarification, I don't agree with including
> jaspic in web profile (and thus security 1.0). Thanks.
>
> ---------------------------------------------------
> Kevin Sutter
> STSM, Java EE and Java Persistence API (JPA) architect
> e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
> phone: tl-553-3620 (office), 507-253-3620 <(507)%20253-3620> (office)
> LinkedIn: https://www.linkedin.com/in/kevinwsutter
>
>
>
> From: Linda DeMichiel <linda.demichiel_at_oracle.com>
> To: jsr366-experts_at_javaee-spec.java.net
> Date: 04/18/2017 06:47 AM
> Subject: [javaee-spec users] [jsr366-experts] Java EE Security API
> and the Web Profile
> ------------------------------
>
>
>
> An update as to where we are with this discussion.....
>
> So far, there has been overwhelming support among the users list
> participants for including the Java EE Security API in the
> Web Profile.
>
> As of today, however, the Java EE Security API depends on JASPIC,
> which we would therefore also need to include in the Web Profile,
> which has raised some concerns.
>
> In the absence of any further feedback from members of the Platform
> Expert Group, we plan to include both the Java EE Security API
> and JASPIC in the Web Profile.
>
> Please let us know asap if you object.
>
> thanks,
>
> -Linda
>
>
>
>
>