users@javaee-spec.java.net

[javaee-spec users] Re: [jsr366-experts] Re: Re: Re: Java EE Security API and the Web Profile

From: arjan tijms <arjan.tijms_at_gmail.com>
Date: Thu, 20 Apr 2017 19:21:29 +0200

Hi,

On Thu, Apr 20, 2017 at 7:13 PM, Linda DeMichiel <linda.demichiel_at_oracle.com> wrote:
>
> A correction to my earlier message here. After some further
> JASPIC spec research, we've determined that the JASPIC SOAP profile
> support would be optional, not required. I'll clarify this point
> in the Platform spec.


Thanks Linda!

Do note btw that the Servlet spec also exclusively references the Servlet
Container Profile, so there's some kind of precedent already (it's not
exactly the same, but still).

In reply to Kevin's earlier question I can also confirm that JSR 375 only
needs support for the JSR 196 Servlet Container Profile. The other profiles
are absolutely not needed.

Kind regards,
Arjan Tijms




>> On 4/19/17, 5:22 AM, Kevin Sutter wrote:
>>
>>> Hi Arjan,
>>> Thanks for the clarification. But, will Linda indicate that only the
>>> Servlet Container Profile of jaspic will be required for Web Profile?
>>> I'm not so worried about whether Liberty supports a given set of
>>> jaspic features. Just in general, I didn't think it was a good idea to
>>> require all of jaspic in the Web Profile. If we can limit the
>>> documented support to just the Servlet Container Profile of jaspic, then
>>> I would probably be okay. I was just looking for clarification of how
>>> much of jaspic would be required. Linda?
>>>
>>
>>
>>
>>> ---------------------------------------------------
>>> Kevin Sutter
>>> STSM, Java EE and Java Persistence API (JPA) architect
>>> e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
>>> phone: tl-553-3620 (office), 507-253-3620 (office)
>>> LinkedIn: https://www.linkedin.com/in/kevinwsutter
>>>
>>>
>>>
>>> From: arjan tijms <arjan.tijms_at_gmail.com>
>>> To: users <users_at_javaee-spec.java.net>
>>> Date: 04/19/2017 11:55 AM
>>> Subject: [javaee-spec users] Re: [jsr366-experts] Re: Java EE Security
>>> API and the Web Profile
>>> ------------------------------------------------------------------------
>>>
>>>
>>>
>>> Hi Kevin,
>>>
>>> The proposed "jaspic lite" is simply the already defined Servlet
>>> Container Profile of jaspic, which is described in chapter 3 of the
>>> JASPIC 1.1 spec.
>>>
>>> Liberty supports this well enough (the JSR 375 RI runs on Liberty).
>>>
>>> Kind regards,
>>> Arjan Tijms
>>>
>>>
>>>
>>>
>>> On Wed, Apr 19, 2017 at 5:05 AM, Kevin Sutter <sutter_at_us.ibm.com> wrote:
>>> -1 on this move without further clarification... Arjan has proposed
>>> that maybe we need a "jaspic lite" similar to "ejb lite" to allow for a
>>> subset of jaspic to be required in web profile. If we could clarify
>>> this first then I might go along with including security 1.0 and jaspic
>>> lite in web profile. But, without that clarification, I don't agree
>>> with including jaspic in web profile (and thus security 1.0). Thanks.
>>>
>>> ---------------------------------------------------
>>> Kevin Sutter
>>> STSM, Java EE and Java Persistence API (JPA) architect
>>> e-mail: sutter_at_us.ibm.com Twitter: @kwsutter
>>> phone: tl-553-3620 (office), 507-253-3620 (office)
>>> LinkedIn: https://www.linkedin.com/in/kevinwsutter
>>>
>>>
>>>
>>> From: Linda DeMichiel <linda.demichiel_at_oracle.com>
>>> To: jsr366-experts_at_javaee-spec.java.net
>>> Date: 04/18/2017 06:47 AM
>>> Subject: [javaee-spec users] [jsr366-experts] Java EE Security API and
>>> the Web Profile
>>> ------------------------------------------------------------------------
>>>
>>>
>>>
>>>
>>> An update as to where we are with this discussion.....
>>>
>>> So far, there has been overwhelming support among the users list
>>> participants for including the Java EE Security API in the
>>> Web Profile.
>>>
>>> As of today, however, the Java EE Security API depends on JASPIC,
>>> which we would therefore also need to include in the Web Profile,
>>> which has raised some concerns.
>>>
>>> In the absence of any further feedback from members of the Platform
>>> Expert Group, we plan to include both the Java EE Security API
>>> and JASPIC in the Web Profile.
>>>
>>> Please let us know asap if you object.
>>>
>>> thanks,
>>>
>>> -Linda