Re: [jaspic-dev] question about content of upcoming jakarta security spe

["Gary R Picher" <gpicher@xxxxxxxxxx>]

Great, thank you!  So for planning purposes, it sounds like the items with links to issues are the ones I should focus on as definitely in plan.

The items without issues I will consider as possibilities, but until I see an issue or more clarification, I'll think of them as more likely than not to fall out of plan.

Thanks again for your help!

--Gary--

--
Gary R. Picher
WebSphere Security Architecture
707-1-H12
2455 South Road
Poughkeepsie, NY, 12601
Phone:  845-435-9409 (t/l 295-9409)


"arjan tijms" ---12/02/2021 03:13:31 PM---Hi, Unfortunately, most have fallen off the plan, as there's simply too few

From: "arjan tijms" <arjan.tijms@xxxxxxxxx>
To: "jaspic developer discussions" <jaspic-dev@xxxxxxxxxxx>
Date: 12/02/2021 03:13 PM
Subject: [EXTERNAL] Re: [jaspic-dev] question about content of upcoming jakarta security specs
Sent by: "jaspic-dev" <jaspic-dev-bounces@xxxxxxxxxxx>

---

Hi, Unfortunately, most have fallen off the plan, as there's simply too few people actually pushing those things forward (too few people actually providing code). Luckily we have the Open ID Connect authentication mechanism that's being ZjQcmQRYFpfptBannerStart 
This Message Is From an External Sender 
This message came from outside your organization. 
ZjQcmQRYFpfptBannerEnd
Hi,

Unfortunately, most have fallen off the plan, as there's simply too few people actually pushing those things forward (too few people actually providing code). Luckily we have the Open ID Connect authentication mechanism that's being worked on/prepared for by Rudy and Payara, and I did some of the low hanging fruit regarding API refinements.

I'd really hoped to have the "authorization modules" in, especially since we prepared them in 2016 and they missed the boat in for the 1.0 release, but I'm afraid it'll miss the boat again. Only chance to get something in still is if Jakarta EE 10 is somewhat delayed (it may be) or we don't strictly keep to the deadline of 15 December for Jakarta Security.

Kind regards,
Arjan Tijms






On Thu, Dec 2, 2021 at 8:02 PM Gary R Picher <gpicher@xxxxxxxxxx> wrote:

Hi folks, I'm trying to do some planning / sizing for implementation of the upcoming Jakarta security specs.  For the most part, this isn't a problem, but I have a question about the content of the Jakarta Security 3.0 spec:

https://jakarta.ee/specifications/security/3.0/

There are some vaguely described bullets there such as "OAuth2" under "Additional authentication mechanism", or "Multiple authentication mechanisms (try JWT, fallback to BASIC, etc)" under "Extended authentication mechanisms".  In addition, there's not much information under the CDI and Features sections.  None of those bullets have a link to issues or PRs.

My question is, are we still looking at including some of those bullets into the upcoming specification, and if so, will there be issues with more details to help plan?  Or, alternately, if these have fallen out of plan, could they be removed?  Doesn't matter to me either way, I'm just looking to understand what's planned for inclusion and what isn't.

Thanks in advance for your help!!

--Gary--

--
Gary R. Picher
WebSphere Security Architecture
707-1-H12
2455 South Road
Poughkeepsie, NY, 12601
Phone:  845-435-9409 (t/l 295-9409)


_______________________________________________
jaspic-dev mailing list
jaspic-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jaspic-dev_______________________________________________
jaspic-dev mailing list
jaspic-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jaspic-dev