I've made some changes to the DatabaseIdentityStoreDefinition and LdapIdentityStoreDefinition on a branch; I'd appreciate review/comments by anyone with time to look at them. The changes are

Unless someone else is already doing this, I plan to code up the changes to LdapIdentityStore needed to support the LdapIdentityStoreDefinition changes in the PFD (search scope, memberOf s

Copied some parts out of the other thread as it becomes too unreadable. remove the "plumbing" that passees the properties down to the hash implementation, in case we want to restore the properties.

Hi, I was looking for the @LoginToContinue annotation info within the spec. I see that it is only mentioning that the 2 Form definition annotations need such a member. But there is no description of t

EG: I'd like to meet again, either late this week (Thursday/Friday) or early next week (Monday/Tuesday) It seems like early afternoon EDT/early evening CET works best for

NotificationMeeting Invite Will Hopkins has invited you to JSR-375 Expert Group MeetingDate:Mon, Jul 24, 2017Time:2:00 PM - 4:00 PM EDTLocation:Zoom -- see below for detailsOrganizer:Will HopkinsAtten

Hi, I noticed this commit: https://github.com/javaee-security-spec/soteria/commit/421b6f001c31cd3d64bad0b0f62807ebbb1c7712 Where the comment said "bundle" is needed for GF integration. However JSF/Moj

Hi Will, Can you also add me to the Java EE Organization and the "Java EE Security Team" just like all the other active EG members and contributors? Thanks Rudy

The repo migration is complete. Please take the time to read this email completely, as it explains how access to the repos works now, and what you'll need to know/do in order to contribute goi

So I added support for group lookup via memberOf to the PFD version of the spec. Any EG members know whether it's possible to configure Unbounded or OpenDJ to support memberOf, and,

I thought I sent this out yesterday, but forgot to copy the list -- just as well that I wasn't able to complete the migration last night, although I did get started on the security-spec repo.

Hi, At least before Proposed Final Draft I was wondering, if a move to the official GitHub organization for Java EE https://github.com/javaee was planned any time soon? If it isn't done now, then most

EG, Trying to get a sense of how much work is left to get soteria updated to match the PFD version of the spec. A good chunk is already done, but I'd like to check on the following

There is one EC no vote due to lack of effectively JWT support. I see Rudy has done some work very recently: - https://github.com/rdebusscher/soteria-jwt Scott has mentioned it recently as well, but

Artifacts are now published in the "releases" repository at maven.java.net. -- Will Hopkins | WebLogic Security Architect | +1.781.442.0310 Oracle Application Development 35 Network Drive, B

A couple of announcements: The Public Review Ballot passed, with 21 yes votes, 1 no vote, and 3 who didn't vote at all. The no vote was from JetBrains; I have reached out

Hi Werner, Linda and I sync'd up on that and I believe the two specs are consistent, although the EE 8 spec obviously doesn't go into as much detail and doesn't list every API.

I've made a number of API changes as discussed during the EG call last week. I plan to submit the changes as part of the PFD submission today, so if anyone has comments please let me know ASAP

I've gotten some feedback on the default group -> role mapping that I'd like to share with the EG: The first is some concern about the impact of a default mapping on security.

Hi, Here are my thoughts about the current draft of the spec. Some of them are very subjective and some are about rewording phrases that I may have misunderstood due to my poor English. Page 4 - Cont