Thanks, Linda. I'm still not sold on jaspic being a requirement of the
web profile, but let me discuss further with my extended team. I'm
currently on a trip to China, so please give me a day or two next week to
get my thoughts together. Thank you!
---------------------------------------------------
Kevin Sutter
STSM, Java EE and Java Persistence API (JPA) architect
e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
phone: tl-553-3620 (office), 507-253-3620 (office)
LinkedIn:
https://www.linkedin.com/in/kevinwsutter
From: Linda DeMichiel <linda.demichiel_at_oracle.com>
To: jsr366-experts_at_javaee-spec.java.net
Date: 04/20/2017 02:42 AM
Subject: [javaee-spec users] [jsr366-experts] Re: Re: Re: Java EE
Security API and the Web Profile
The Servlet Container Profile of JASPIC need only be required.
Section EE.9.3 of the Platform spec spells out the rules, as does
Chapter 3 of the JASPIC spec.
However, if a Web Profile product supports additional functionality
that is addressed by JASPIC spec, then the corresponding JASPIC
requirements would need to be supported. For example, if a Web
Profile product supports web service endpoints, then the SOAP profile
of the JASPIC spec would need to be supported.
On 4/19/17, 5:22 AM, Kevin Sutter wrote:
> Hi Arjan,
> Thanks for the clarification. But, will Linda indicate that only the
> Servlet Container Profile of jaspic will be required for Web Profile?
> I'm not so worried about whether Liberty supports a given set of
> jaspic features. Just in general, I didn't think it was a good idea to
> require all of jaspic in the Web Profile. If we can limit the
> documented support to just the Servlet Container Profile of jaspic, then
> I would probably be okay. I was just looking for clarification of how
> much of jaspic would be required. Linda?
>
> ---------------------------------------------------
> Kevin Sutter
> STSM, Java EE and Java Persistence API (JPA) architect
> e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
> phone: tl-553-3620 (office), 507-253-3620 (office)
> LinkedIn: https://www.linkedin.com/in/kevinwsutter
>
>
>
> From: arjan tijms <arjan.tijms_at_gmail.com>
> To: users <users_at_javaee-spec.java.net>
> Date: 04/19/2017 11:55 AM
> Subject: [javaee-spec users] Re: [jsr366-experts] Re: Java EE Security
> API and the Web Profile
> ------------------------------------------------------------------------
>
>
>
> Hi Kevin,
>
> The proposed "jaspic lite" is simply the already defined Servlet
> Container Profile of jaspic, which is described in chapter 3 of the
> JASPIC 1.1 spec.
>
> Liberty supports this well enough (the JSR 375 RI runs on Liberty).
>
> Kind regards,
> Arjan Tijms
>
>
>
>
> On Wed, Apr 19, 2017 at 5:05 AM, Kevin Sutter <_sutter_at_us.ibm.com_
> <mailto:sutter_at_us.ibm.com>> wrote:
> -1 on this move without further clarification... Arjan has proposed
> that maybe we need a "jaspic lite" similar to "ejb lite" to allow for a
> subset of jaspic to be required in web profile. If we could clarify
> this first then I might go along with including security 1.0 and jaspic
> lite in web profile. But, without that clarification, I don't agree
> with including jaspic in web profile (and thus security 1.0). Thanks.
>
> ---------------------------------------------------
> Kevin Sutter
> STSM, Java EE and Java Persistence API (JPA) architect
> e-mail: _sutter_at_us.ibm.com_ <mailto:sutter_at_us.ibm.com> Twitter:
> @kwsutter
> phone: tl-553-3620 (office), _507-253-3620_
<tel:(507)%20253-3620>(office)
> LinkedIn: _https://www.linkedin.com/in/kevinwsutter_
>
>
>
> From: Linda DeMichiel <_linda.demichiel_at_oracle.com_
> <mailto:linda.demichiel_at_oracle.com>>
> To: _jsr366-experts_at_javaee-spec.java.net_
> <mailto:jsr366-experts_at_javaee-spec.java.net>
> Date: 04/18/2017 06:47 AM
> Subject: [javaee-spec users] [jsr366-experts] Java EE Security API and
> the Web Profile
> ------------------------------------------------------------------------
>
>
>
>
> An update as to where we are with this discussion.....
>
> So far, there has been overwhelming support among the users list
> participants for including the Java EE Security API in the
> Web Profile.
>
> As of today, however, the Java EE Security API depends on JASPIC,
> which we would therefore also need to include in the Web Profile,
> which has raised some concerns.
>
> In the absence of any further feedback from members of the Platform
> Expert Group, we plan to include both the Java EE Security API
> and JASPIC in the Web Profile.
>
> Please let us know asap if you object.
>
> thanks,
>
> -Linda
>
>
>
>
>
>
>