Re: [jakarta.ee-spec] [BALLOT] Plan Review for Jakarta Security 4.0

[Ivar Grimstad <ivar.grimstad@xxxxxxxxxxxxxxxxxxxxxx>]

+1, PMC

On Thu, Jul 20, 2023 at 12:05 PM Arjan Tijms via jakarta.ee-spec <jakarta.ee-spec@xxxxxxxxxxx> wrote:

Hi,

On Wed, 19 Jul 2023 at 00:08, Scott Stark via jakarta.ee-spec <jakarta.ee-spec@xxxxxxxxxxx> wrote:

There don't appear to be issues in the security project for the
following items. Could they be added or highlighted in the release
plan to properly understand the suggested scope?

CDI:
* @RolesAllowed alternative

Thanks for noticing this. That one must have been the oldest issue created for the security project, as it was planned for 1.0. We somehow lost it along the way. I'll add it again.

 

Features
* Authorization modules

This indeed needs some further explanation. I'll make sure it gets there. For now, it's related to requests and questions such as these:

* https://github.com/jakartaee/security/issues/204

* https://stackoverflow.com/questions/27341665/is-it-possible-to-determine-group-membership-of-a-user-on-demand-instead-of-when

Essentially it boils down to making the security constraints, specifically those which can currently only be defined by web.xml, accessible via a programmatic API for querying and updating. We had this in scope for 1.0 as the "authorization" topic, but we never came to it back then.

See also https://arjan-tijms.omnifaces.org/2016/07/simplified-custom-authorization-rules.html

Kind regards,

Arjan Tijms

 

On Tue, Jul 18, 2023 at 12:10 PM Cesar Hernandez via jakarta.ee-spec
<jakarta.ee-spec@xxxxxxxxxxx> wrote:
>
> Greetings Jakarta EE Specification Committee,
>
> I request your vote to approve and ratify the plan for Jakarta Security 4.0
>
> The JESP/EFSP requires a successful ballot of the Specification Committee in order to approve the plan of this release (as defined in the EFSP).
>
> The relevant materials are available here:
>
> - https://github.com/jakartaee/specifications/pull/621
> - https://deploy-preview-621--jakartaee-specifications.netlify.app/specifications/security/4.0/
>
> Per the process, this will be a seven-day ballot, ending on Tuesday, July 25, 2023, that requires a Super-majority positive vote of the Specification Committee members (note that there is no veto). Community input is welcome, but only votes cast by Specification Committee Representatives will be counted.
>
> The Specification Committee is composed of representatives of the Jakarta EE Working Group Member Companies (Fujitsu, IBM, Oracle, Payara, Tomitribe, Red Hat, and Shandong Cvicse Middleware Co.), along with individuals who represent the EE4J PMC, Participant Members, and Committer Members.
>
> Specification Committee representatives, your vote is hereby requested. Please respond with +1 (positive), 0 (abstain), or -1 (reject). Any feedback that you can provide to support your vote will be appreciated.
>
>
> --
> Regards
> Cesar Hernandez
> https://twitter.com/CesarHgt
> http://www.tomitribe.com
> https://www.tomitribe.io
> _______________________________________________
> jakarta.ee-spec mailing list
> jakarta.ee-spec@xxxxxxxxxxx
> To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakarta.ee-spec
_______________________________________________
jakarta.ee-spec mailing list
jakarta.ee-spec@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakarta.ee-spec

_______________________________________________
jakarta.ee-spec mailing list
jakarta.ee-spec@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jakarta.ee-spec

--

Ivar Grimstad

Jakarta EE Developer Advocate | Eclipse Foundation Eclipse Foundation - Community. Code. Collaboration.