Thursday Oct 20, 2011

More on JSR 351 (Identity API)

Staying on the theme of Java progress (albeit beyond Java EE 7 this time), JSR 351, the Java Identity API, is set to enhance the Java Security Model for both Java SE and Java EE in a declarative programming style.


Following Ron Monzillo's presentation at JavaOne 2011, InfoQ posted a summary highlighting the goals of the JSR: standardize Identity in Java (while remaining domain-agnostic), promote Attribute Service for authorization and auditing, and finally define the aforementioned declarative programming model.

Note that this JSR does not plan to complete in time for Java EE 7 but should instead be usable starting with Java EE 6.

Sunday Sep 25, 2011's identity JSR

We now have a new Java EE-related proposed JSR on the block - "JSR 351: Java™ Identity API".

To paraphrase the JSR submission, the goal is to "build on the Java security model to define identity APIs that will be used by applications for access control decisions in a declarative programming style".


The JSR will specify how applications will consume, produce and check attributes such as email address, social security number, bank account number, date of birth, nationality, gender, etc. Disclosure and use of these identity attributes would be under the user's control. Check out the proposal for a sample scenario.

The initial Expert Group is led by Oracle (Ron Monzillo) and includes IBM, Red Hat and SAP AG; the JSR is supported by American Express, Aspect Security, Boeing, Ericsson AB, and OWASP. The goal is to be compatible with Java EE 6 onward, with a final release in early 2013.