[jax-rs-spec users] [jsr339-experts] offtopic: Java EE Security media type

From: Bill Burke
Date: Tue, 16 Oct 2012 11:16:10 -0400

Now that OAuth 2.0 has reached RFC phase, I was wondering if anybody was
interested in collaborating on a Java EE Security token media type and
maybe even extensions of the OAuth 2.0 protocol.

A token media type would be a simple format that encapsulated user/role
mappings and maybe user/permission (JACC) metadata.

I've only done a high-level reading of the OAuth 2 RFC, but it seems to be
missing non-browser REST communication. Basically an ability to
transfer the token via header invocations. I'd also like to see
extended protocols/media types that include PKI support.

Finally, I'd like to get this done via the IETF and their processes. I
think this would be a good chance to get some industry collaboration
around REST, security, and the Java EE world. Something specifically
designed for Java EE. I know we have SAML and XACML and all, but I'd
like to see something developed that is specific to Java EE. Formats
and protocols that are simple and easy to implement and support in other
environments beyond Java.

Any thoughts?



