[security-dev] PicketLink restructure

Shane Bryzak sbryzak at redhat.com
Tue Oct 2 10:48:05 EDT 2012

Ok, let me lay it all out in a way that hopefully makes some more sense ;)

In reviewing all of our various security offerings, it became quickly 
apparent to me that a new developer looking at our stuff would most 
likely become quickly confused - in fact there was even quite a bit of 
confusion during our recent Elluminate call as to which security modules 
did what.  After Anil and I had a discussion about this we agreed that 
the first steps in reducing this confusion would be to re-purpose 
PicketLink as the "go to" project for security for Java EE developers.  
This greatly simplifies our message and gives us a single place to which 
we direct people who are looking for a security solution for their 
projects.  PicketLink will be where we can point previous users of Seam 
Security to, and will compete head to head with other well-known 
"complete" security frameworks.

In terms of Java SE, the only requirements I am aware of are those of 
the AS team wishing to use the IDM libraries - to this end we've 
maintained IDM as a submodule of PicketLink, without any CDI 
dependency.  For a typical EE developer who just wants to get started, 
we simply tell them to add picketlink-core to their Maven dependencies 
which gives them everything.  Just to be clear about what's in 
picketlink-core, it's simply the user session state management (i.e. the 
Identity bean), authentication API (which is based on CDI), CDI-enabled 
configuration for IDM, and the ACL Permissions API (built on 
DeltaSpike's security binding types). All of this is quite CDI-specific 
(except for the permissions stuff which could theoretically be rewritten 
as JavaSE however I have no interest in doing so).

I can understand how at first glance it might seem weird that some 
modules are targetted at SE while core is EE, however it's my opinion 
that we shouldn't be pushing PicketLink as a set of "modules" anyway.  
The separation of the IDM module is only for the AS team's benefit, 
otherwise this feature would be part of core itself.  In fact, I think 
we should downplay that it even consists of multiple modules.

Remember, this is just the first step towards unifying our security 
message. We've still got a lot of work to do, including further 
discussions about what we do with PicketBox, which I hope we address in 
the coming weeks.  Hopefully this has been helpful in shedding some 
light on the motivations for this restructure.


On 03/10/12 00:08, Pete Muir wrote:
> Or maybe I'm just confused about the naming, it seems odd to me for "core" to target Java EE, whilst modules target Java SE...
> On 2 Oct 2012, at 05:35, Pedro Igor Silva wrote:
>> If I understood correctly, Pete asked for something like we have with PicketBox. A core project for Java SE and a cdi-based one with the cdi glue code.
>> That way we can work with core functionality and expose those for some specific environment: CDI, JAX-RS, EJB, WS, AS, etc. This can also help others using picketlink in their projects.
>> Regards.
>> Pedro Igor
>> ----- Original Message -----
>> From: "Shane Bryzak" <sbryzak at redhat.com>
>> To: "Pete Muir" <pmuir at redhat.com>
>> Cc: security-dev at lists.jboss.org
>> Sent: Monday, October 1, 2012 11:03:22 PM
>> Subject: Re: [security-dev] PicketLink restructure
>> On 02/10/12 10:00, Pete Muir wrote:
>>> It seems odd to me that CDI is called core? I thought the idea was that picketlink core would be pure Java SE, and CDI support gets added on top.
>> Some of the modules are Java SE (IDM, Social) and core is the CDI-based
>> "glue" that integrates it all into an easily consumable package for EE devs.
>>> But +1 to the merge. The more we can put under one project, with one brand the better.
>>> I talked to Anil about merging PicketBox into PicketLink as well, as "just another module" and I think this will make things a lot simple for users to understand.
>>> On 1 Oct 2012, at 15:30, Shane Bryzak wrote:
>>>> In the interests of presenting a clear message to our developers, one of the steps we'll be taking is to consolidate the various PicketLink projects into a single project and presenting this as the "go to" solution for application security.  For now I've merged the CDI and IDM subprojects (these are now submodules of the PicketLink project, with "CDI" renamed to "Core") and the plan is to eventually merge the social and federation modules also.
>>>> You can find the new GitHub repository here: https://github.com/picketlink (renamed from picketlink-cdi) and the picketlink-idm repository has now been deleted.  For anyone working on these modules, please use the new repository from now on.
>>>> Thanks!
>>>> Shane
>>>> _______________________________________________
>>>> security-dev mailing list
>>>> security-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/security-dev
>> _______________________________________________
>> security-dev mailing list
>> security-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/security-dev

More information about the security-dev mailing list