Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Hi,

On Mon, Nov 14, 2022 at 11:46 AM Steve Millidge (Payara) <steve.millidge@xxxxxxxxxxx> wrote:

In this particular case MP-JWT could impose additional integration requirements in its spec when run on a runtime that also supports Jakarta Security?

Yes, while from a Jakarta Security point of view not ideal, it would be a good compromise, at least one to start with. The MP JWT spec currently does list an integration requirement, but it's a bit shallow and doesn't do much in practice. Of course I'm myself to blame for this not-so-usable requirement, as I was part of MP JWT 1.0 and probably overlooked this at the time.

There's much room to do better here. Incidentally, Payara at least would pass the stricter integration requirements easily.

I do wonder about where we can put any TCK test for this, and whether we can even mandate anything here,

Kind regards,
Arjan Tijms

 

Back to the top