On Friday, February 8, 2013 at 9:36 PM, Anil Saldhana wrote:

Hi All,
our release ninja, Pedro has released PicketBox 5.0.0.Final whose
notes is at https://docs.jboss.org/author/display/SECURITY/5.0.0.Final

We delayed the release mainly to accommodate PicketLink v3.0 IDM that
was under development. PicketBox5 uses the most recent version of IDM.

Congratulation guys.

==============
** What is PicketBox5? **
==============
PicketBox5 is a project that provides the various tools for Java Security.
https://docs.jboss.org/author/display/SECURITY/SecurityProjectsArchitecture

==================
** Are there quickstarts? **
==================
https://docs.jboss.org/author/display/SECURITY/PicketBox+Quickstarts

Looks like the quickstarts are referencing to the Pedro's repository, not PicketBox repository.

==================
** Where is PicketBox5 useful? **
==================
Java Applications wherever the following are needed:
* Authentication.
* Authorization
* Audit
* Session Management (non-http based)
* Entitlements Management
(https://docs.jboss.org/author/display/SECURITY/EntitlementsManager)

It does have general purpose HTTP authentication (basic/form/digest)
support that is not EE container security
driven.(https://docs.jboss.org/author/display/SECURITY/PicketBox+HTTP)

=========================
** How is this different from PicketLink v3? **
=========================

Here comes the tricky part to understand, at least for me. If I recall correctly PicketLink v3 is our

opportunity to build something new from the experience of Seam Security, PicketBox, GateIn, Resteasy….

Are we filling the gaps with PicketBox instead of provide the final solution? For example, picketlink provides something like this for me:

package org.picketlink.internal;

public class DefaultIdentity implements Identity….

On picketlink-extensions I have:

package org.picketlink.extensions.core.pbox;

public class DefaultPicketBoxIdentity extends DefaultIdentity implements PicketBoxIdentity…

It makes me confuse. Are we filling the gaps on PicketLink or creating workarounds inside something new?

PicketLink v3 is our umbrella project for enabling security for JavaEE
applications (EE6+). PicketLinkv3 contains core security, IDM, SAML,
OAuth and Social (facebook/twitter/openid) components that are useful
for JavaEE applications. There is PicketLink Extensions project that
does use PicketBox5 underneath to fill in some of the gaps missing in
PicketLink v3, as we are transitioning features into PL3 based on user
demand.

Feedback welcome.

Now onto making PicketLink v3 Final release a reality. :)

Regards,
Anil
_______________________________________________
security-dev mailing list
security-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/security-dev