Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?

From: Werner Keil <werner.keil@xxxxxxx>
Date: Tue, 15 Nov 2022 17:01:14 +0100
Delivered-to: jakartaee-platform-dev@xxxxxxxxxxx
Importance: normal
List-archive: <https://www.eclipse.org/mailman/private/jakartaee-platform-dev/>
List-help: <mailto:jakartaee-platform-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jakartaee-platform-dev>, <mailto:jakartaee-platform-dev-request@eclipse.org?subject=unsubscribe>
Ui-outboundreport: notjunk:1;M01:P0:mlujSDPgz5c=;ZjjtGKlS7F6ZPKWQj3dcRFrwlD8 ZINYQfQ90XmXdT/vacfiVbLqlt+B41MuO80/VW1AodjAsAozQ1S00CJ1/fPMxBGWbF96iKN5C BT+iTzeLaUoEg/8Qvi9psDrDcdvxjQb1IVHtkkS/PkmqZxr5QdQdeJ2WiKKr7V61Nj3qwIzMZ RERap8LLuwXkgs3FTTJZE/9F7WfgWiu+DCmDd00Ygt68rk7ijna1I+MqexbDtlsaXOX9+uFSN yvaidEHe7h6srHSoU0CAXhLf6gm+7ewKpBH0qZPV+0kS009kxhgSY/pdfApA3ma54dWTIjWCw wJm8s6lKWDtkkZHTrIQzGW8TjvB2hrMI3CmNeymlgDNMUb0YKrP5+N0bLt6EmxK1GrO2SFtCJ 2Ay/3bl0eKcACtq/NdJrpDOvHj2MySfA8yCdt3zwOr4B6w90h46i3On2133BlDffe5iiUqcn3 KasajvWDn2F9M5CUoJg9Z6AKJZ1wjZD21gdtCaLK+/5d9SJ+wCmVZHbcuXJHDTXGYWmr0+34W Yn6oV1WbDUOvQpBGCLI/ua29XNjupPz3XEIdiQ8keuSAjgbuKjLxSK1DxpjK4l3hhbbQe8ekI DkUJMq4byXhmQYyCZteXSVuZCmumCb4KS4WEfG/VdHM1PNioj7MrDNgXBzeaY2k3/vLP4b/pp QANKWqaC71/Fc4u5he6a3eW7advMTjsmBjHjINV8zaK/i1792Vl1YyWhJJiqHwRjCzVwCJQOg m76oELo+jHmgIikMiV+6IPDCdLviwH72ds5cLEq2FivE07hw2cdO9HCAXQCLpICuO7dSr+tIS s7xDq7CrVE0ecXTvbCqgGLg6XXgOTF17BNUS9eymuNt35whTNUImVFkqhWa77Lkckq3FPXSjG oHde1b89NWV0rNftlZGOxCbHxff6PE8CJqPudNxhC34fKAs8P82FoCMg+dYIu42yM851T2atZ w+g4FA/7iMlLexo5qIk3JuYkfWU=

>Isn't that an opportunity where Jakarta Security could reference MP JWT?

>i.e. the MP JWT specification doesn't specify how it is implemented, but the Jakarta Security specification could reference the MP JWT APIs and configuration and define how these are >implemented in Jakarta Security?

It would lead to cyclic dependencies, for Jakarta Security alone both CDI and JSON Processing, and assuming multiple Jakarta EE APIs wanted to consume MP APIs, that potentially gets worse.

https://microprofile.io/2021/12/07/microprofile-5-0-release/ lags behind Jakarta EE 10 until at least 10, so a Security API Catering towards Jakarta EE 11 already had to use a MP JWT API based on much older APIs like CDI 3 etc.

Then there are even some „outside the umbrella“ like MP GraphQL 1.1 that were not even upgraded and are still on the API Level of MP 4.1, hence if they consume any Jakarta EE APIs then it gets even worse using those as well.

Werner

Von: Darran Lofthouse
Gesendet: Dienstag, 15. November 2022 14:17
An: jakartaee-platform developer discussions
Betreff: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?

On Fri, Nov 11, 2022 at 6:32 PM arjan tijms <arjan.tijms@xxxxxxxxx> wrote:

Hi

On Fri, Nov 11, 2022 at 6:15 PM Scott Stark <starksm64@xxxxxxxxx> wrote:
For specification projects in a related space, the existence of more than one needs to be justified. There is a reason everyone involved in specification/standards work raises this well trodden satire out at some point:
https://imgs.xkcd.com/comics/standards.png

So what do you propose instead then? Having a Jakarta Full-profile or so that includes both EE and MP?

As a Jakarta EE user, we can now freely use Form, Basic, Open ID Connect, but not JWT. Even when a MP profile JWT implementation is added, it's not necessarily based on Jakarta Security. Even in a Jakarta EE server that already includes MP components, its JWT implementation does not necessarily have to be Jakarta Security based. Meaning, things like additional identity stores, interceptors, etc are not being picked up for JWT or may even clash.

Isn't that an opportunity where Jakarta Security could reference MP JWT?

i.e. the MP JWT specification doesn't specify how it is implemented, but the Jakarta Security specification could reference the MP JWT APIs and configuration and define how these are implemented in Jakarta Security?

Kind regards,
Arjan Tijms

_______________________________________________
jakartaee-platform-dev mailing list
jakartaee-platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev

Follow-Ups:
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?
  - From: Emily Jiang

References:
- [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins
- Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Emily Jiang
- Re: [jakartaee-platform-dev] [es-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Rudy De Busscher
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Rudy De Busscher
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Brian Stansberry
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Brian Stansberry
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Kito D. Mann
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: David Blevins
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: John Clingan
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Mike Milinkovich
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Scott Stark
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: arjan tijms
- Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
  - From: Darran Lofthouse

Prev by Date: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Next by Date: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Previous by thread: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to Jakarta Security?
Next by thread: Re: [jakartaee-platform-dev] Moving MicroProfile JWT to JakartaSecurity?
Index(es):
- Date
- Thread

Breadcrumbs