Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?

From: Werner Keil <werner.keil@xxxxxxx>
Date: Fri, 11 Nov 2022 21:47:05 +0100
Delivered-to: jakartaee-platform-dev@xxxxxxxxxxx
Importance: normal
List-archive: <https://www.eclipse.org/mailman/private/jakartaee-platform-dev/>
List-help: <mailto:jakartaee-platform-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=unsubscribe>
Ui-outboundreport: notjunk:1;M01:P0:RY/ljCu+8yo=;3T/8poHQHnGGyRaU0zVEC3898jY uYHF9e9kEoHLr+4j5VXdCePZZXP9U2wE/kS+yO9hG2UF2lg+WEJc4xp9FxJV5SBibxJudvbp4 G3I4DZ2o5Mu7GWsLvlHkBYI+BebxIBvDtZm9JfeKh5gujr5wgSHzXpoPiE2DQ6GK9U4Oe+Wn3 6anYg4i3Gtb4aVb2Ul1n19g6vNFFFQIVLVOg6Y37NdquWbXK8LBrETUgB+xm5WlbJCmKQlyG2 w6b1DTjJUB/7S08IT8skzONikc45CiaJ5krTyEf5Qgzyw24KMbSN5I+8+inbTT+Ihtg1cZwtn k9skm9mF6NqyOigmjPMpwR9tGDDn8Fe2bE+tELN+1KQehc0grw8ncuRgcWFLP/Vk8QMQuDYXr Q/3fTjukRxWlz1xo3+bpSoGdru8gsuLQmAxDtEAudtFnSRcjZpLuweuY/nmftQKclxE1vwVcH CWI25j4P5UWUDFNyzNqGg/DaRhyaMrSPuocsh0phomczok9MAvnMgDYeCXOMARfwSxri66wzr 9HQimdg8Tp6hc0eGpwhBAPZcA1le3UA6Qg6r1rbf6ie9HaNJWnkwJYGhgWw85cfCTlQHDoubb QCeM7GWBAdse2VlUDLXUaV7TuVuZ5MMTTPRp4xSLbe36TwX5KlWPOKFxNisVQXFpKGYBFYkn8 EnayCmd66qnIjlyqXi7NqFqVoPyrR+O+cbw/AZtpLQKFevLx5lgbWj2ZLQkZjqAhN3eHmj46T IQe6bj94Z+1ApFO833eZAj94w6COHk/A+wsSlw+o9JhQiQ0PXyLsRRkgTWOk2UXQ3icPb8wy6 jjULQoTU1BjibFb9oAOFJkiG7ERmqBSsk6aogXS6hgzKHtMOG/5UhnJsMWDu7EUMEdfJnv9R/ BLrCFBVYNVdJ3GOVXhH7NaCVLKJ6emYo1n+tm/7PByrxo9sIPSGT7ATkNSHNG30CMmcY7Wk57 1uYeBCoHj6CUPNg2GXEk0KOtr1A=

The biggest issue thinking of even referencing the MP JWT API in the Jakarta Security Spec/API are circular dependencies to usually different versions.

Even if it’s currently just a few like Jakarta JSON Processing or CDI.

Using it in Soteria also bears the risk of API differences, because most of the time MP won’t yet be on the same Version level as Jakarta EE, but using it in the API could make this worse, also given the MP JWT API relies on a particular implementation using certain JWT Frameworks of different Kinds.

A good starting point would be Looking at the actual issue https://github.com/jakartaee/security/issues/277 and a proposed PR https://github.com/jakartaee/security/pull/278.

That involves the Nimbus JOSE Framework which I believe also could be used by some MP JWT implementations, but it uses Elements that don’t even exist in the MP API yet, especially JWSHeader.

I doubt the way it is proposed would work for the API but currently that is just a proposed addition to the TCK, where as discussed here earlier MP JWT also uses Jakarta Authentication or <version.jose4j>0.7.9</version.jose4j> without exposing them in the API.

Werner

Von: David Blevins
Gesendet: Freitag, 11. November 2022 21:19
An: jakartaee-platform developer discussions
Betreff: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?

> On Nov 11, 2022, at 12:06 PM, arjan tijms <arjan.tijms@xxxxxxxxx> wrote:

> Do you mean that the Jakarta security spec, and specifically the Jakarta Security API jar directly has the MP JWT spec / api as a dependency?

It's worth exploring at the very least. It's not something I've typically endorsed in the past, but I'm starting to soften to the idea if it can avoid a trend of having two copies of every api.

There are possibly other avenues that could be explored as well.

I think this thread is great, but would people be open to getting together for an hour and just talking out some options? I.e. we get us Jakarta Security and MicroProfile JWT folks together and see what we can come up with.

Thoughts?

-David

_______________________________________________

jakartaee-platform-dev mailing list

jakartaee-platform-dev@xxxxxxxxxxx

To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev

Follow-Ups:
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?
  - From: Scott Stark

References:
- [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins
- Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Emily Jiang
- Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Rudy De Busscher
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Rudy De Busscher
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Brian Stansberry
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Brian Stansberry
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Kito D. Mann
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: John Clingan
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Mike Milinkovich
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Scott Stark
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Scott Stark
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins

Prev by Date: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Next by Date: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Previous by thread: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?
Next by thread: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?
Index(es):
- Date
- Thread

Breadcrumbs