users@javaee-spec.java.net

[javaee-spec users] Re: [jsr366-experts] Re: Java EE Security API and the Web Profile

From: Kevin Sutter <sutter_at_us.ibm.com>
Date: Wed, 19 Apr 2017 20:22:02 +0800

Hi Arjan,
Thanks for the clarification. But, will Linda indicate that only the
Servlet Container Profile of jaspic will be required for Web Profile? I'm
not so worried about whether Liberty supports a given set of jaspic
features. Just in general, I didn't think it was a good idea to require
all of jaspic in the Web Profile. If we can limit the documented support
to just the Servlet Container Profile of jaspic, then I would probably be
okay. I was just looking for clarification of how much of jaspic would be
required. Linda?

---------------------------------------------------
Kevin Sutter
STSM, Java EE and Java Persistence API (JPA) architect
e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)
LinkedIn: https://www.linkedin.com/in/kevinwsutter



From: arjan tijms <arjan.tijms_at_gmail.com>
To: users <users_at_javaee-spec.java.net>
Date: 04/19/2017 11:55 AM
Subject: [javaee-spec users] Re: [jsr366-experts] Re: Java EE
Security API and the Web Profile



Hi Kevin,

The proposed "jaspic lite" is simply the already defined Servlet Container
Profile of jaspic, which is described in chapter 3 of the JASPIC 1.1
spec.

Liberty supports this well enough (the JSR 375 RI runs on Liberty).

Kind regards,
Arjan Tijms




On Wed, Apr 19, 2017 at 5:05 AM, Kevin Sutter <sutter_at_us.ibm.com> wrote:
-1 on this move without further clarification... Arjan has proposed that
maybe we need a "jaspic lite" similar to "ejb lite" to allow for a subset
of jaspic to be required in web profile. If we could clarify this first
then I might go along with including security 1.0 and jaspic lite in web
profile. But, without that clarification, I don't agree with including
jaspic in web profile (and thus security 1.0). Thanks.

---------------------------------------------------
Kevin Sutter
STSM, Java EE and Java Persistence API (JPA) architect
e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)
LinkedIn: https://www.linkedin.com/in/kevinwsutter



From: Linda DeMichiel <linda.demichiel_at_oracle.com>
To: jsr366-experts_at_javaee-spec.java.net
Date: 04/18/2017 06:47 AM
Subject: [javaee-spec users] [jsr366-experts] Java EE Security API
and the Web Profile




An update as to where we are with this discussion.....

So far, there has been overwhelming support among the users list
participants for including the Java EE Security API in the
Web Profile.

As of today, however, the Java EE Security API depends on JASPIC,
which we would therefore also need to include in the Web Profile,
which has raised some concerns.

In the absence of any further feedback from members of the Platform
Expert Group, we plan to include both the Java EE Security API
and JASPIC in the Web Profile.

Please let us know asap if you object.

thanks,

-Linda
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.