Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?

From: Vedran Smid <vedransmid@xxxxxxxxx>
Date: Fri, 4 Nov 2022 22:24:51 +0100
Delivered-to: jakartaee-platform-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jakartaee-platform-dev/>
List-help: <mailto:jakartaee-platform-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=unsubscribe>

Hi, my first thought was the same but then again config is a spec on its own in both spaces unlike jwt. But i agree that something similar should be done to be consistent.

Sent from my iPhone

On 04.11.2022., at 21:11, Dominic Büchner <dbuechner93@xxxxxxxxx> wrote:

hey
i think it's very similar to the config spec

so in my opinion a kind of copying would be the best approach.

the worst would be referencing to MP JWT because MP depends on some Jakarta Libs and so ther is a chance to introduce cyclic dependencies and how knows what problemes can a raise through that.

so thats my 2 cents :)

kind regards
Dominic Büchner

arjan tijms <arjan.tijms@xxxxxxxxx> schrieb am Fr., 4. Nov. 2022, 20:12:
Hi,

In Jakarta Security we had long ago planned to include a JWT authentication mechanism. Some prototypes from around 2016 are still testimony to that.

Meanwhile, MicroProfile has specified JWT, and a couple of implementations of it (such as Payara, OmniFaces and SmallRye) are internally based on Jakarta Security.

We have discussed moving or copying MP specs to EE before, but nothing concrete has been established. Therefore I wonder how to proceed here.

Do we copy over the MP JWT spec to a section in Jakarta Security and somehow keep them in sync?

Or do we reference the MP JWT spec from the Jakarta Security spec with text like: a compliant implementation should provide an authentication mechanism that behaves exactly like MP JWT with the following differences…

Or something else?

Thoughts?

Kind regards,
Arjan Tijms

_______________________________________________
jakartaee-platform-dev mailing list
jakartaee-platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev

_______________________________________________
jakartaee-platform-dev mailing list
jakartaee-platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev

References:
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Dominic Büchner

Prev by Date: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Next by Date: Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
Previous by thread: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Next by thread: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Index(es):
- Date
- Thread

Breadcrumbs