Re: [jaspic-dev] question about content of upcoming jakarta security spe

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jaspic-dev] question about content of upcoming jakarta security specs

From: arjan tijms <arjan.tijms@xxxxxxxxx>
Date: Thu, 2 Dec 2021 21:13:09 +0100
Delivered-to: jaspic-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jaspic-dev/>
List-help: <mailto:jaspic-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jaspic-dev>, <mailto:jaspic-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jaspic-dev>, <mailto:jaspic-dev-request@eclipse.org?subject=unsubscribe>

Hi,

Unfortunately, most have fallen off the plan, as there's simply too few people actually pushing those things forward (too few people actually providing code). Luckily we have the Open ID Connect authentication mechanism that's being worked on/prepared for by Rudy and Payara, and I did some of the low hanging fruit regarding API refinements.

I'd really hoped to have the "authorization modules" in, especially since we prepared them in 2016 and they missed the boat in for the 1.0 release, but I'm afraid it'll miss the boat again. Only chance to get something in still is if Jakarta EE 10 is somewhat delayed (it may be) or we don't strictly keep to the deadline of 15 December for Jakarta Security.

Kind regards,

Arjan Tijms

On Thu, Dec 2, 2021 at 8:02 PM Gary R Picher <gpicher@xxxxxxxxxx> wrote:

Hi folks, I'm trying to do some planning / sizing for implementation of the upcoming Jakarta security specs. For the most part, this isn't a problem, but I have a question about the content of the Jakarta Security 3.0 spec:

https://jakarta.ee/specifications/security/3.0/

There are some vaguely described bullets there such as "OAuth2" under "Additional authentication mechanism", or "Multiple authentication mechanisms (try JWT, fallback to BASIC, etc)" under "Extended authentication mechanisms". In addition, there's not much information under the CDI and Features sections. None of those bullets have a link to issues or PRs.

My question is, are we still looking at including some of those bullets into the upcoming specification, and if so, will there be issues with more details to help plan? Or, alternately, if these have fallen out of plan, could they be removed? Doesn't matter to me either way, I'm just looking to understand what's planned for inclusion and what isn't.

Thanks in advance for your help!!

--Gary--

--
Gary R. Picher
WebSphere Security Architecture
707-1-H12
2455 South Road
Poughkeepsie, NY, 12601
Phone: 845-435-9409 (t/l 295-9409)

_______________________________________________
jaspic-dev mailing list
jaspic-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jaspic-dev

Follow-Ups:
- Re: [jaspic-dev] question about content of upcoming jakarta security specs
  - From: Gary R Picher

References:
- [jaspic-dev] question about content of upcoming jakarta security specs
  - From: Gary R Picher

Prev by Date: [jaspic-dev] question about content of upcoming jakarta security specs
Next by Date: Re: [jaspic-dev] question about content of upcoming jakarta security specs
Previous by thread: [jaspic-dev] question about content of upcoming jakarta security specs
Next by thread: Re: [jaspic-dev] question about content of upcoming jakarta security specs
Index(es):
- Date
- Thread

Breadcrumbs