Re: [jaspic-dev] Option to be involed with the JASPIC EE4j Project

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jaspic-dev] Option to be involed with the JASPIC EE4j Project

From: Darran Lofthouse <darran.lofthouse@xxxxxxxxxx>
Date: Mon, 5 Nov 2018 11:20:22 +0000
Delivered-to: jaspic-dev@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jaspic-dev>
List-help: <mailto:jaspic-dev-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jaspic-dev>, <mailto:jaspic-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jaspic-dev>, <mailto:jaspic-dev-request@eclipse.org?subject=unsubscribe>

Hello Arjan,

On Fri, Nov 2, 2018 at 1:13 PM arjan tijms <arjan.tijms@xxxxxxxxx> wrote:

Hi Darran,

Sounds good! Indeed, there's a couple of things that are a bit out of scope for a modern Servlet Profile. The message policy is one thing that comes to mind (it's fully focussed on SOAP).

A couple of years ago there was already talk about a Servlet Profile-lite.

At this stage it certainly feels like a Servlet Profile-lite could be beneficial for a lot of the issues I have encountered.

However one additional gap that could be a candidate for either spec is we are very limited when it comes to client side HTTP authentication mechanisms - may be worth thinking about between the two at some stage,

I'll start the nomination project for you then soon. Can you post a link to your WildFly Elytron JASPIC implementation?

This is where we are at this stafe https://github.com/wildfly-security/wildfly-elytron/tree/master/src/main/java/org/wildfly/security/auth/jaspi there will be some more additions to make but at this stage the emphasis was the servlet profile especially as required for EE security.

Additionally our integration with Undertow is here https://github.com/wildfly-security/elytron-web/tree/master/undertow-servlet which allows us to keep this independent of the other authentication frameworks - also this allows us to run outside the application server with Undertow stand alone.

Thx!

Kind regards,
Arjan

On Fri, Nov 2, 2018 at 12:57 PM Darran Lofthouse <darran.lofthouse@xxxxxxxxxx> wrote:
Hello,

I am just writing to ask for myself to become involved with the JASPIC project as a committer.

Recently as part of our WildFly Elytron integrations I have implemented clean implementation to add servlet profile support allowing for JASPIC to be used with WildFly Elytron and subsequently EE security on top of this.

The scope of the specification seems much larger than it is practically use for in 2018, during my implementation I have gathered quite a collection of notes during this implementation of areas that could be reviewed, additionally I believe some of the next steps that we would be exploring within EE security could be easier if working with the JASPIC specification at the same time.

Regards,
Darran Lofthouse.

_______________________________________________
jaspic-dev mailing list
jaspic-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jaspic-dev

_______________________________________________
jaspic-dev mailing list
jaspic-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jaspic-dev

References:
- [jaspic-dev] Option to be involed with the JASPIC EE4j Project
  - From: Darran Lofthouse
- Re: [jaspic-dev] Option to be involed with the JASPIC EE4j Project
  - From: arjan tijms

Prev by Date: Re: [jaspic-dev] Option to be involed with the JASPIC EE4j Project
Next by Date: [jaspic-dev] About to release JASPIC 1.1.2
Previous by thread: Re: [jaspic-dev] Option to be involed with the JASPIC EE4j Project
Next by thread: [jaspic-dev] About to release JASPIC 1.1.2
Index(es):
- Date
- Thread

Breadcrumbs