On Aug 24, 2007, at 11:45 AM, Ryan McDonough wrote:
>
> Sorry I'm late to the party but I've been trying to catch up on
> what has
> been going on with the development of this specification. One item I'm
> curious about is security in regards to this JSR? Is this an area
> that has
> been deemed out of scope for for the JSR, or is something that has
> not come
> up in discussions yet?
>
We haven't discussed security much beyond noting that its primarily
something that would typically happen before a request reaches a JSR
311 artifact. In an earlier note[1] outlining feedback Paul and I
received from an internal review I included the following:
> - Consider supporting the standard security annotations defined by
> JSR 250 and examine JSRs 196 and 115. JSR 196 offers support for
> pluggable authentication and JSR 115 for authorization. JSR 115 may
> need a revision to accommodate the more flexible URI patterns
> supported by @UriTemplate.
So I wouldn't say that security is out-of-scope for this JSR but
equally I don't think we should be re-inventing any wheels either.
Marc.
[1]
https://jsr311.dev.java.net/servlets/ReadMsg?list=dev&msgNo=549
---
Marc Hadley <marc.hadley at sun.com>
CTO Office, Sun Microsystems.