Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?

Hey All,

A couple notes on various things mentioned in this thread.

# Technical

MP JWT does define bindings for EJB, Servlets, JACC, JASPIC, etc.

 - https://download.eclipse.org/microprofile/microprofile-jwt-auth-2.0/microprofile-jwt-auth-spec-2.0.html#_recommendations_for_optional_container_integration

These have been there since MP JWT 1.0.  If we wanted to expand that and bolster the TCK tests in MP JWT, this is not a problem.  There are no technical limitations that would prevent us from defining in MP JWT how MP JWT ties into Jakarta Security, Jakarta Servlets or any Jakarta spec.


# Procedural

In CN4J we did agree to some technical principles.  One of them is that duplication should be avoided.

 - https://docs.google.com/presentation/d/1i7hBzjXtApAUQDopPopLNG0yuwLXBLiSAFKr1_jhFlQ/edit?pli=1#slide=id.ge89d7772e8_0_9

Copying MP JWT would violate the principles we agreed on.  The process for getting agreement between the two groups for a move is basically:

 - Create a proposal and get a member of each WG to sponsor (endorse) it
 - Once sponsored, both WGs independently vote to approve it
 - If both WGs agree, it can move forward


Hope this helps.


-David



Back to the top