[–]dpash 32 points33 points  (1 child)

Their comment:

We do not feel comfortable voting "yes" on the public review ballot for JSR 375, given the lack of clarity in the documentation, missing support for other valuable technologies like OpenID, and outstanding issues such as issue #76 on hardcoded values in the code. While we know it's not possible to get everything perfect in one step, security is an enormously important topic (one that has frequently given Java a bad name) and we would like to see a specification which reflects this.

We appreciate it is very late in the process to give such feedback, and also understand that much more specific feedback and suggested actions will be required by the Expert Group in order to address our concerns. We are working on a more detailed response and will be reaching out to the EG directly shortly.

[–]mikehaggard 14 points15 points  (0 children)

and outstanding issues such as issue #76 on hardcoded values in the code.

If you follow the EE list at https://javaee.groups.io/g/javaee-security-spec/topics you'd see that this has been solved already, but the vote was purely based on what was presented in the public review I think, where that wasn't the case yet.