On 09/22/2011 05:56 PM, Bill Burke wrote:
On 9/22/11 5:46 PM, David M. Lloyd wrote:
> I'm going to put on my Bill hat here and say, "JSR 196 is crap".
>
Its not just JSR196. SAML is crap. XACML is crap. Its horrible
horrible stuff. The only reason we should implement it is to integrate
with other vendor's products.
I am not preaching JSR 196 here. Because of EE6,
my team has to
implement it for AS7.1. I don't magically get hours to figure out
abstract uber APIs and slowly plug in the EE specs.
That way, security is a mess. Too bad, you don't get a call when there
is a major
issue with some security mechanism that was put in some weird corner of
the JBoss ecosystem.
Also plugging in your own authentication mechanism in AS7 is crap
too,
specially, modules are a mess. Unless you fixed some things in the last
month. But thats another conversation I want to have.
Rather than just complaining, please provide feedback on what gives you
a heartburn. Suggest alternatives. It is not like I have a telepathic
hat to just wear and understand you.
> I've been saying this exact thing for over a year now. And
the response
> has ever been "we'll have a call, we'll talk about it, we'll gather
> requirements, let's write an agenda, get some minutes, talk talk talk
talk".
>
Yup. I can't wait any longer. Too many of our users want our OAuth
work integrated. THere's a whole story around security, web-apps, and
REST I'm trying to putting together as well. The thing is we also need
some *real* management on this stuff as well.
For your kind information, OAuth spec is not even final. I think they
are at Draft 21 and hopefully in this millennium, they will finish the
spec. Same goes with OpenID also. OpenID schema types refer to
www.axschema.org and that domain does not even exist.
Bill