I was also thinking about a Johnzon extension (kinda) -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com
On Tue, Feb 13, 2018 at 3:53 PM, Mark Struberg <strub...@yahoo.de.invalid> wrote: > I know JWT a bit and I wonder whether doing the signing part is just a bit > of Json (JSON-P) + commons-crypto? > After all JWT is especially designed to be lightweight and straight > forward. > > LieGrue, > strub > > > > > Am 13.02.2018 um 15:33 schrieb Romain Manni-Bucau <rmannibu...@gmail.com > >: > > > > 2018-02-13 15:28 GMT+01:00 Jean-Louis Monteiro <jlmonte...@tomitribe.com > >: > > > >> Thanks for the feedback Jon. > >> > >> I had a couple of exchanges with Rudy which is happy to contribute some > >> code as well. > >> From what I have understood and seen, most of the code is integration > code > >> and there is at least from my current knowledge a little bit of code to > put > >> together in a reusable manner in a reusable library (where ever it > sits). > >> I was planning to do a quick prototype and get it to work from end to > end > >> into a working branch so we can move the discussion forward and see > exactly > >> where we go. > >> > >> Regarding the signing library, I am kinda on the same page. > >> I don't see myself rewriting Johnzon to parse JSON and then Jose or > Nimbus > >> to do signing. There is absolutely no point at least for the POC. Again, > >> we'll see if I get something working what we can do. > >> > >> > >> > > Agreeing for a PoC but for a production ready software it is if it can > > conflict or bring drawbacks to the users to import the solution. The json > > lib should at least be pluggable - avoids to shade/rewrite anything but > let > > the integrator use what he already has. Side note for json: for the > overall > > consistency using JSON-P makes it easy to get a common API which doesn't > > need any investment and solves that "plug your impl" smoothly. For the > > signing part it is a bit different since it will easily bring a huge > stack > > - how many bring jackson, simple-json, ... by default and are not > > pluggable. This is an issue and can even lead to not working > installations. > > If you doubt I have like 700 components to show you it is not a random or > > theorical thought. Investment is also quite light so not sure it does > worth > > speaking about it days. > > > > > >> > >> > >> > >> -- > >> Jean-Louis Monteiro > >> http://twitter.com/jlouismonteiro > >> http://www.tomitribe.com > >> > >> On Tue, Feb 13, 2018 at 12:43 PM, John D. Ament <johndam...@apache.org> > >> wrote: > >> > >>> > >>> > >>> On 2018/02/12 20:42:58, Jonathan Gallimore < > jonathan.gallim...@gmail.com > >>> > >>> wrote: > >>>> On Mon, Feb 12, 2018 at 8:20 PM, Romain Manni-Bucau < > >>> rmannibu...@gmail.com> > >>>> wrote: > >>>> > >>>>> No Andy, as mentionned in the discussion Geronimo hosts the > >>> microprofile > >>>>> @asf. This is why jwt should probably be done in geronimo which is > >> the > >>> asf > >>>>> ee related project umbrella. > >>>>> > >>>> > >>>> I don't recall that discussion. Where did it take place? > >>> > >>> I *think* he meant me. The only time JWT came up on Geronimo was at > [1]. > >>> I had mentioned bringing over an impl based on Jose4J, Romain felt very > >>> strongly we mustn't rely on 3rd party libraries. I'm not sure why that > >> is, > >>> but it seemed based on the discussion we had two different aims so it > >>> wasn't something I pushed forward on. If there's interest within TomEE > >> to > >>> get a JWT impl up and running, I'd be happy to help (though I do feel > >>> strongly relying on a 3rd party lib for the actual signature > validation + > >>> external sig support is important; to avoid that overhead). > >>> > >>> RE MP @ TomEE/Geronimo. I don't believe there's any hard or fast rules > >>> about what projects are allowed to host. For example, there's interest > >>> within Skywalking to host the CDI and JAX-RS extensions to support > >> OpenApi; > >>> but this spec doesn't represent something any server vendor would > support > >>> since its really about your APM solution. CXF happily took on the MP > >> Rest > >>> Client when I proposed it; though I would hope TomEE relies on the CXF > >>> library instead of crafting their own client (selfish desires). The > JWT > >>> spec is weird, because it defined non MP runtime behavior in addition > to > >> MP > >>> runtime behavior; so there may be more integration work in a fuller app > >>> server like TomEE. > >>> > >>> </peanut-gallery> > >>> > >>> John > >>> > >>> [1]: https://lists.apache.org/thread.html/ > 4edc997cfe2e45aaf25bb118bc6216 > >>> 34c2832641cf3a9d954a6f7245@%3Cdev.geronimo.apache.org%3E > >>> > >>>> > >>>> > >>>>> > >>>>> I understand it is not the most convenient for tomitribe which > >> probably > >>>>> perfers to own the full project(s) but as a foundation member I d > >>> really > >>>>> like to not let company details pollute projects > >>>> > >>>> > >>>>> Also the discussion made clear to not do it in current repo whatever > >>>>> project is used as umbrella so we should revert that and finish the > >>>>> discussion before any action to not kill tomee project by a hard > >>> company > >>>>> driven management making it no more in the OSS spirit. > >>>>> > >>>> > >>>> I agree the discussion should happen first, and I note that the change > >>> has > >>>> been reverted. I recall that we agreed on this list that we'd create > >> new > >>>> git projects for Sheldon and Chatterbox under the TomEE umbrella. > >> Should > >>>> other components sit under TomEE, I imagine that they would follow the > >>> same > >>>> pattern - i.e. discuss first, agree location, create repo or move > >> things > >>>> around as appropriate. > >>>> > >>>> I don't know what your specific issues are here, but I think you are > >>> making > >>>> some assumptions that are simply not true. > >>>> > >>>> Jon > >>>> > >>>> > >>>> > >>>>> > >>>>> Le 12 févr. 2018 21:14, "Andy Gumbrecht" <agumbre...@tomitribe.com> > >> a > >>>>> écrit : > >>>>> > >>>>>> "Parts of the components skeletons you just created" > >>>>>> > >>>>>> They're just logically named empty modules for pending work? > >>>>>> > >>>>>> > >>>>>> On 12/02/18 20:42, Mark Struberg wrote: > >>>>>> > >>>>>>> And what's that for? > >>>>>>> > >>>>>>> Is there any behind the scene stuff going on at Tomitribe or can > >> we > >>>>>>> finally get back to discussing such things on the Apache lists? > >>>>>>> > >>>>>>> Before we go on I'd would first finish the discussion how we want > >> to > >>>>> turn > >>>>>>> TomEE into an umbrella project or how the structure would be. And > >>>>>>> whether/how we want to integrate the modular Geronimo parts into > >> one > >>>>>>> project or not. > >>>>>>> > >>>>>>> Parts of the components skeletons you just created do already > >> exist > >>> at > >>>>>>> the ASF. > >>>>>>> > >>>>>>> LieGrue, > >>>>>>> strub > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> On Monday, 12 February 2018, 20:22:53 CET, Andy Gumbrecht < > >>>>>>> agumbre...@tomitribe.com> wrote: > >>>>>>> > >>>>>>> > >>>>>>> Added project stubs: > >>>>>>> https://github.com/apache/tomee/tree/master/microprofile > >>>>>>> > >>>>>>> Andy. > >>>>>>> > >>>>>>> > >>>>>>> On 05/02/18 11:17, Jean-Louis Monteiro wrote: > >>>>>>>> Hi, > >>>>>>>> > >>>>>>>> Ok thanks guys. > >>>>>>>> @Rudy, you are most welcome :) > >>>>>>>> > >>>>>>>> -- > >>>>>>>> Jean-Louis Monteiro > >>>>>>>> http://twitter.com/jlouismonteiro > >>>>>>>> http://www.tomitribe.com > >>>>>>>> > >>>>>>>> On Fri, Feb 2, 2018 at 11:39 AM, Rudy De Busscher < > >>>>>>> rdebussc...@gmail.com <mailto:rdebussc...@gmail.com>> > >>>>>>>> wrote: > >>>>>>>> > >>>>>>>>> I think it is a very important spec, also for non-microprofile > >>>>>>>>> implementations as it can enhance the interoperability of all > >>>>> servers. > >>>>>>>>> > >>>>>>>>> I'm also very interested in the implementation (and want to > >> help > >>> a > >>>>> bit > >>>>>>> with > >>>>>>>>> it also :) ) > >>>>>>>>> > >>>>>>>>> regards > >>>>>>>>> Rudy > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> On 2 February 2018 at 11:23, Mark Struberg > >>> <strub...@yahoo.de.invalid > >>>>>>> <mailto:strub...@yahoo.de.invalid>> > >>>>>>>>> wrote: > >>>>>>>>> > >>>>>>>>>> To clarify this even further: > >>>>>>>>>> The Geronimo Server is now officially dead. > >>>>>>>>>> But the Geronimo project is not. It alredy contains quite a > >> few > >>>>>>> modular > >>>>>>>>>> parts which are reused in many ASF projects and also outside. > >>>>>>>>>> Examples is the geronimo-transaction-manager, > >> geronimo-javamail, > >>>>>>>>>> geronimo-config, xbean-finder, etc > >>>>>>>>>> > >>>>>>>>>> Of course it would probably make sense to fold those 2 > >> projects > >>>>>>> together, > >>>>>>>>>> as already discussed in the past. > >>>>>>>>>> I'm still all open to it, but I have an important criterium to > >>>>> fulfil: > >>>>>>>>>> If we move those portable parts to TomEE, then this would mean > >>> that > >>>>>>> TomEE > >>>>>>>>>> would become an 'Umbrella project'. > >>>>>>>>>> And further that we would need a new name for those portable > >>> parts. > >>>>>>>>>> They would effectively be mainatained by the TomEE community > >>> (which > >>>>>>> has a > >>>>>>>>>> big overlap with Geronimo anyway) but those parts must clearly > >>> be > >>>>>>>>>> recognized separately from TomEE. > >>>>>>>>>> > >>>>>>>>>> Otherwise people will assume that those parts only work within > >>>>> TomEE - > >>>>>>>>>> where in reality they would even work on WildFly or Liberty, > >>> etc. or > >>>>>>>>> even a > >>>>>>>>>> naked Tomcat. > >>>>>>>>>> Got me? > >>>>>>>>>> > >>>>>>>>>> We might e.g. brand them as 'TomEE Geronimo Spare Parts > >>> Department' > >>>>> :) > >>>>>>>>>> > >>>>>>>>>> LieGrue, > >>>>>>>>>> strub > >>>>>>>>>> > >>>>>>>>>> PS: I'd also love to keep the org.apache.geronimo package name > >>> to > >>>>> ease > >>>>>>>>>> backward compatibility. > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>>> Am 02.02.2018 um 11:08 schrieb Romain Manni-Bucau < > >>>>>>>>> rmannibu...@gmail.com <mailto:rmannibu...@gmail.com> > >>>>>>>>>>> : > >>>>>>>>>>> > >>>>>>>>>>> 2018-02-02 11:05 GMT+01:00 Otávio Gonçalves de Santana < > >>>>>>>>>>> osant...@tomitribe.com <mailto:osant...@tomitribe.com>>: > >>>>>>>>>>> > >>>>>>>>>>>> Guys, I have a question: > >>>>>>>>>>>> > >>>>>>>>>>>> Why not a project to each implementation? > >>>>>>>>>>>> > >>>>>>>>>>> this is the case but geronimo is used as an umbrella project. > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> This way I can use just a specific if I want also. > >>>>>>>>>>>> > >>>>>>>>>>> exactly the goal and user usage AFAIK ;) > >>>>>>>>>>> > >>>>>>>>>>> long story short: we learnt from the past errors and since > >>> always > >>>>> the > >>>>>>>>>> same > >>>>>>>>>>> people work on these projects it is better to not split it > >>> accross > >>>>> N > >>>>>>>>>>> communities since > >>>>>>>>>>> it leads to a lot of efforts for these people. Having a > >> single > >>>>>>> umbrella > >>>>>>>>>>> project with N subprojects reduces the administrative work > >> etc > >>> and > >>>>>>>>>> enhance > >>>>>>>>>>> the projects productivity. > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>>> On Fri, Feb 2, 2018 at 7:44 AM, Romain Manni-Bucau < > >>>>>>>>>> rmannibu...@gmail.com <mailto:rmannibu...@gmail.com>> > >>>>>>>>>>>> wrote: > >>>>>>>>>>>> > >>>>>>>>>>>>> Hi JL, > >>>>>>>>>>>>> > >>>>>>>>>>>>> Microprofile apache effort is hosted in geronimo and John > >>> already > >>>>>>>>> spoke > >>>>>>>>>>>>> about it I think. Would probably saner to keep it all at > >> the > >>> same > >>>>>>>>> place > >>>>>>>>>>>> for > >>>>>>>>>>>>> the foundation. > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> Romain Manni-Bucau > >>>>>>>>>>>>> @rmannibucau <https://twitter.com/rmannibucau> | Blog > >>>>>>>>>>>>> <https://rmannibucau.metawerx.net/> | Old Blog > >>>>>>>>>>>>> <http://rmannibucau.wordpress.com> | Github < > >>> https://github.com/ > >>>>>>>>>>>>> rmannibucau> | > >>>>>>>>>>>>> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book > >>>>>>>>>>>>> <https://www.packtpub.com/application-development/java- > >>>>>>>>>>>>> ee-8-high-performance> > >>>>>>>>>>>>> > >>>>>>>>>>>>> 2018-02-02 9:39 GMT+01:00 Jean-Louis Monteiro < > >>>>>>>>>> jlmonte...@tomitribe.com <mailto:jlmonte...@tomitribe.com> > >>>>>>>>>>>>> : > >>>>>>>>>>>>> > >>>>>>>>>>>>>> Hi all, > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> I was wondering if we could have the Microprofile JWT > >>>>> implemented > >>>>>>> in > >>>>>>>>>>>>> TomEE. > >>>>>>>>>>>>>> What do you think? > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> I was reading the spec and I'd like to contribute that in. > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> Jean-Louis > >>>>>>>>>>>>>> > >>>>>>>>>>>>>> -- > >>>>>>>>>>>>>> Jean-Louis Monteiro > >>>>>>>>>>>>>> http://twitter.com/jlouismonteiro > >>>>>>>>>>>>>> http://www.tomitribe.com > >>>>>>>>>>>>>> > >>>>>>>>>> > >>>>>>> > >>>>>>> -- > >>>>>>> Andy Gumbrecht > >>>>>>> https://twitter.com/AndyGeeDe > >>>>>>> > >>>>>>> http://www.tomitribe.com > >>>>>>> > >>>>>>> https://www.tomitribe.io > >>>>>>> > >>>>>>> > >>>>>>> Ubique > >>>>>>> > >>>>>>> > >>>>>>> > >>>>>> -- > >>>>>> Andy Gumbrecht > >>>>>> https://twitter.com/AndyGeeDe > >>>>>> http://www.tomitribe.com > >>>>>> https://www.tomitribe.io > >>>>>> > >>>>>> > >>>>>> Ubique > >
