Java EE Security API (JSR 375) Update
By David Delabassee-Oracle on Apr 14, 2015
"If you don't vote you can't complain. Get involved." (David Blevins)
From the current set of Java EE 8 JSRs, 'Java EE Security API' (JSR 375) is the latest one as it was only approved in December last year. It was started later than the other JSRs. Nevertheless, the EG is now very active (+200 messages just for last month!).
Obviously, this effort need a strong focus as 'Security' can mean a lot of things. And depending on whom you ask, you will high likely have different views. So to EG is currently busy filtering and consolidating ideas. In addition, one thing that is clear is that having a common ground for discussions is really needed. So the EG is also working on defining a security API terminology; i.e. a common vocabulary to enable concise and accurate communication amongst the EG and the community (see here). This may sounds obvious but it's not; e.g. what's the difference between a user store and a user realm?
During JavaLand, some EG members have presented a few ideas that will be tackled in this JSR. Alex Kosowski (JSR375 Specification Lead) also presented, during Devoxx France, the plans for JSR 375. Alex's session recording will be made available in the coming weeks. In the meantime, you can check the slides.
Since there are potentially a lot of things that could be addressed in this JSR, the EG needs to make sure they address the right features, in the right order and in the right form. So the goal of those different sessions is really to expose the EG current plans and ideas but more importantly to get your feedback!