How does JSecurity relate to existing standards, e.g., JAAS, JACC,
WS-Security, etc.?
The only reference I found is a comment in the slide show saying "Simplify
or replace JAAS." Well JAAS is the Java standard in this space, and part of
the Java core, so are we proposing a replacement or supplement to the JCP?
I also see that JSecurity web support relies on a return to
application-level security based on a filter, rather than rely on container
management, which has evolved as a cornerstone of Java programming. The
reliance on a filter is probably because JSecurity is not (yet?) integrated
with the Java standards in the security space.
It seems to me that there ought to be some support for Java specifications
and container managed security, if projects such as Tomcat, Geronimo,
Jetspeed, et al, are to consider JSecurity.
This isn't a statement about suitability for Incubation, just a discussion
point. :-)
--- Noel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
