I would also like to understand whether we want MicroProfile and Jakarta EE to collaborate or compete. I hope we all want them to collaborate, it's just not clear to me what some people understand as collaboration.
· Moving functionality or even whole specs between MicroProfile and Jakarta EE -> collaboration
· Duplicating functionality -> competition
· Forcing one or the other to consume specs from the other -> competition
I think the last point above is what is causing all the controversy and disputes in this thread. I believe that collaboration should be voluntary, not enforced. And therefore it's not collaborative to prohibit Jakarta Security to implement support for JWT, if the Security team wants to do so and even planned to do so even before MP JWT existed. And we all know that Jakarta EE cannot depend on MicroProfile specs, for various reasons already discussed elsewhere. It's simply not an option even though it may seem logical.
For me, collaborative means that both MP and EE try to find a solution that is suitable for both. I see one such solution, which I already mentioned:
· JWT support is added to Jakarta Security, ideally with some support and feedback from the MP JWT team
· Jakarta Security creates a Lite profile (with just JWT, or maybe some other things suitable for MicroProfile)
· MicroProfile can then replace MP JWT with Jakarta Security Lite to unify the API, but doesn't have to, if EE Security Lite spec isn't (yet) good enough to replace MP JWT. MicroProfile would certainly be consulted before EE Security Lite is added to EE Core Profile.
All steps here are voluntary and don't require that both MicroProfile and Jakarta EE agree on anything. But with this approach, there are also a lot of options how MP and EE can collaborate to improve the final solution for both.
Or am I wrong in how I understand collaboration vs. competition?