Just sending this e-mail to check how we feel about EE APIs leaking into WildFly Core.  The WildFly Elytron subsystem already contains JACC related configuration so has a dependency on the JACC APIs - JASPIC is about to be added next which will also need a dependency on the JASPIC API so I wanted to check if we are happy with this or if we want to get this corrected.

I see a few options but other inspiration is also welcome.

1 - Do Nothing

Just continue adding EE related security configuration to the WildFly Elytron subsystem.

2 - Move the Elytron subsystem to WildFly

We have been over this in the past so I think we agree this would not work for us.

3 - Dynamically exclude portions of the model if not being used for EE management.

This would help the subsystem be specific for it's server process but TBH does not solve the underlying problem as it would still be within WildFly Core.

4 - Add an elytron-ee subsystem to WildFly

Capabilities allow two subsystems to work together well, main issue now security related config could be across two subsystems although very minor difference in the addres.

5 - Any other ideas?

Darran Lofthouse.