Hi All,

I'm discussing this internally to figure out what the best way forward is. Conceptually, of course, an MR is what we want, but as Bill pointed out to me, an MR couldn't be included in Java EE 8 under the current rules, so making it widely available probably requires making it available under EE4J somehow.

There is reluctance to make changes, even on a branch, in the GitHub repos, as that may impede the migration to Eclipse.

Similarly, if the code were forked -- at least, if it were forked with the intent to eventually submit the changes back to EE4J -- then the forked code would need to be managed carefully to ensure that IP rights properly protected and that the resulting code was "IP clean" to submit to EE4J.

The idea of making some private modifications to the RI to address the short term needs is in some ways most appealing -- it's certainly the most expedient and logistically simple, I think -- but I think there would still be a need to carefully track IP, since the goal would (presumably) be to submit back to an eventual Java EE Security.Next.

Thoughts?

Will

Hi,

For the ones who haven’t seen it yet; OpenLiberty started with their own implementation of JSR 375.

See: https://github.com/OpenLiberty/open-liberty/tree/master/dev/com.ibm.ws.security.javaeesec/src/com/ibm/ws/security/javaeesec

-- 
Will Hopkins | WebLogic Security Architect | +1.781.442.0310
Oracle Developer Experience
35 Network Drive, Burlington, MA 01803