javaee / javaee-spec

Java EE Platform Specification
https://javaee.github.io/javaee-spec

Establish terminology for the various types of security roles #46

Closed glassfishrobot closed 9 years ago

glassfishrobot commented 9 years ago

In Java EE security there are various levels of roles that come into play, but the terminology for those roles is not centrally defined and the terms that are used are not always entirely clear.

Currently there are 3 levels of roles used:

| Term | Meaning |
| --- | --- |
| Group | Organization wide role |
| Role | Application wide role |
| Role ref | Component wide role |

The term group specifically is a source of confusion. People too often dream up all kinds of meanings for it, EXCEPT the meaning "organization wide role".

group is also not entirely consistently defined. JASPIC recognizes the term and uses it in its API/SPI but JACC does not. Furthermore the term group comes up in the concept "group to role mapping", but this is a concept that's mostly outside the current spec and there are very few to no references to this in Java EE specs.

Role ref is a problematic term too, but in practice not a big issue since it defaults to Role anyway and in practice might not be used a lot.

I propose to first investigate whether clearer names are possible, but independent of that at least clearly specify the different types of roles that are currently in use.

A possible way to clarify the role hierarchy is to take inspiration from the EJB JNDI name spaces and use the terms "global", "application" and "module" as follows:

| Term | Meaning |
| --- | --- |
| Global role | Organization wide role |
| Application Role | Application wide role |
| Component Role | Component wide role |
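
The three levels from the issue above, as they appear in deployment descriptors. This is an added example, not part of the original issue or the spec text. The servlet, role and group names are constructed, and the group mapping uses the GlassFish vendor descriptor as an assumed container, since that mapping sits outside the Java EE specs.

```xml
<!-- WEB-INF/web.xml (standard descriptor) -->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <servlet>
    <servlet-name>ReportServlet</servlet-name>                 <!-- constructed name -->
    <servlet-class>com.example.ReportServlet</servlet-class>   <!-- constructed class -->

    <!-- Role ref (component wide): the name this servlet's code passes
         to isUserInRole("MGR"), linked to an application role. -->
    <security-role-ref>
      <role-name>MGR</role-name>
      <role-link>manager</role-link>
    </security-role-ref>
    <!-- Without a matching security-role-ref, isUserInRole("manager") is
         checked directly against the security-role list below, which is
         the "defaults to Role" behaviour mentioned in the issue. -->
  </servlet>

  <!-- Role (application wide): declared once per application. -->
  <security-role>
    <role-name>manager</role-name>
  </security-role>

</web-app>

<!-- WEB-INF/glassfish-web.xml (vendor descriptor, assumed container) -->
<glassfish-web-app>

  <!-- Group (organization wide): a group from the identity store,
       mapped to the application role. -->
  <security-role-mapping>
    <role-name>manager</role-name>
    <group-name>hr-managers</group-name>   <!-- constructed group name -->
  </security-role-mapping>

</glassfish-web-app>
```

When reviewing an application's authorization, trace each name through all three layers: a role ref that links to the wrong role, or a role mapped to a broader group than intended, grants access that no single descriptor makes obvious.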

glassfishrobot commented 9 years ago

Reported by arjan_t

glassfishrobot commented 9 years ago

arjan_t said: Sorry, this issue was supposed to be created over at the JAVAEE_SECURITY_SPEC jira, but even with the URL of that one clearly in my address bar JIRA still found it necessary to create it for this jira. Unfortunately it's not possible to delete or edit one's own issues either, so please close or remove.

glassfishrobot commented 9 years ago

@bshannon said: Closing as requested by submitter.

glassfishrobot commented 7 years ago

This issue was imported from java.net JIRA JAVAEE_SPEC-46

glassfishrobot commented 9 years ago

Marked as invalid on Monday, December 1st 2014, 4:59:36 pm