JavaEE.next's identity JSR
By alexismp on Sep 25, 2011
We now have a new JavaEE-related proposed JSR on the block - JSR 351: JavaTM Identity API".
To paraphrase the JSR submission, the goal is to "build on the Java security model to define identity APIs that will be used by applications for access control decisions in a declarative programming style".
The JSR will specify how applications will consume, produce and check attributes such as email address, social security number, bank account number, date of birth, nationality, gender, etc. Disclosure and use of these identity attributes would be under the user's control. Check out the proposal for a sample scenario.
The initial Expert Group is lead by Oracle (Ron Monzillo) and includes IBM, RedHat, SAP AG and the JSR is supported by American Express, Aspect Security, Boeing, Ericsson AB, and OWASP. The goal is to be compatible with Java EE 6 onward, with a final release in early 2013.