The timing may be different, but it seems in the interest of not just users, if that technology once available can be used by servers or apps on top of EE7 rather than having to wait an entire generation for 8.
While we have not discussed the API for it in such detail, it sounds natural using SecurityManager, the platform provides to control this kind of access. Even if some of it may have to be extended for the needs of 351, and some of its main targets like Social Media or the Cloud.
I haven't been tracking JSR 351, and we don't currently plan to include it in EE 7, so I don't know if the requirements you refer to would be part of that spec or some future version of the platform spec.
Werner Keil wrote on 05/10/2012 03:28 PM:
Thanks a lot for the update.
I'm glad, Ron is involved, so where access to identity providers and attributes so far discussed by the JSR 351 EG needs to be restricted or controlled, I assume there's going to be additional requirements for that, too.
WernerAm 10.05.2012 23:43 schrieb "Bill Shannon" <bill.shannon@...>:
Larry McCay, Ron Monzillo, and I have drafted updates to the platform
spec to describe the new security manager requirements we've previously
agreed on. It turned out to be surprisingly difficult to write these
requirements in a way that captures some of the subtlety involved.
Please review these updated spec sections carefully and ask questions
if you're not sure exactly what the requirements are.
The proposed spec updates are here, and will be folded into the draft
spec soon (obviously the numbering and such will be fixed at that point):
[javaee-spec users] [jsr342-experts] Re: spec changes for new security manager requirements