Re: JSecurity's new name

Wed, 03 Dec 2008 10:51:16 -0800 

I like JSecurity best but if its not possible...
I recently discovered jsecurity is in the incubator.... wish I'd known that a few months ago. 

The following is not intended to be blackmail :-)


I've been interested for a couple years in a having a simple  
implementation of hierarchical rbac.  I didn't see how I'd start a  
community around it at apache so started a project at codehaus, wrote  
a little code, and promptly ran out of time.  Jason van Zyl found a  
great name for it.... Soter,   http://www.theoi.com/Daimon/Soter.html



Anyway.... if jsecurity is interested in supporting hierarchical rbac  
(whether or not based on my codehaus project) and likes the name I'd  
happily give up the codehaus project.


many thanks
david jencks

On Dec 3, 2008, at 8:28 AM, Les Hazlewood wrote:


I also like those 3 names quite a bit.  Aside from the trademark
search that Craig pointed to, what else do we need to do?


On Wed, Dec 3, 2008 at 10:55 AM, Jeremy Haile <[EMAIL PROTECTED]>  
wrote:

Adam, thanks for all of your thoughts.

I particularly like these names you mentioned:
Apache Fortress
Apache Stronghold
Apache Shield


Of course, we need to do some due diligence on these to determine  
how likely

they could be trademark issues with other security products.

Jeremy

On Dec 1, 2008, at 7:12 PM, Adam Taft wrote:


Hi Emmanuel,


Thanks for the quick reply.  I think it goes without saying that  
I'm naive

about the Apache process, and obviously your history with them.


Alcatraz has a very dark and negative connotation.  The prison  
itself was

not looked upon favorably in the eyes of many.  It was an extremely

controversial place, to say the least.  I can't imagine the ASF  
would want a

subproject with that name.

I really like the idea of "Apache Security API."  That really works

because of the strong Apache brand prefix.  org.apache.security  
for the

package name, etc.  It means what it says.  Or, asa4j.

Some other ideas:

Apache Guard
Apache Fortress
Apache Frontline
Apache Stonewall
Apache Stronghold
Apache Redoubt
Apache Garrison
Apache Shield

Cheers,

Adam Taft


Emmanuel Lecharny wrote:


adamtaft wrote:


Hi,


Hi,



I'm not really a contributor to the JSecurity project yet  
(though I hope

to

be in the future).  However, this thread has caught my  
attention, and so

I
thought I'd give a couple of thoughts.


thanks for the detailed mail !



I have an interest, call it a hobby, in name related issues for  
software

projects, open source included.  So, though I don't speak from any
official

background (I guess beyond a little professional), I would like  
to point

out
a few things about the name Alcatraz.

First, as I believe has been mentioned, the term Alcatraz has been

associated with other software products already.  So, this is  
bad news

with

regards to trademark related issues.  Just because its a  
geographic

location

doesn't mean that it can't be trademarked.  Thus, likely these  
other
software products are going to have problems with any related  
use of the

term Alcatraz.


True. Java is also a geographical location, but I guarantee you  
you'll be
sued immediatly if you use it for a software name ... Now, is  
this the case

for Alcatraz? Might be...



Second, the connotation for JSecurity implies that the product  
is used

to
keep people out of the protected system.  This is what the term
"security"

implies, right?  Alcatraz is a prison.  It was NOT meant to keep  
people

out,

it was meant to keep people in.  The use is only quasi-related,  
and even
confusing, for a product with your feature set.  Alcatraz  
software would

be
a better name for a product which keeps workstation/network users

constrained in their internet use, like a firewall, or a web  
proxy, for

example.  Or a child internet monitoring product.


This is also something which came to my mind (I personally find  
Knox a
better fit), but it's not as important as to have a name which  
can be

recalled.


Don't underestimate the importance of this point.  The name of a
software

should ideally be somewhat self describing, especially when  
starting
out. Until the name becomes a core brand, having a self  
describing name can

make
a big difference.


This is where it starts to be difficult :) The good point is that  
we are
encapsulated by the Apache brand, and one of the rule of thumb  
you can find
on the apache site is : "Consider using functional names,  
especially for
products of existing projects, e.g. for an "Apache Foo" project,  
the product

name "Apache Foo Pipelines". "
(http://www.apache.org/dev/project-names.html)
Something like Apache Security API for Java would be a perfect fit,
except that it's a pretty long name (unless we call it asa4j :)



Third, I don't think you can underestimate how important it is  
that

people

can search the name of your product and find it through Google  
(and
friends).  Clearly the term Alcatraz has a huge number of  
unrelated

hits,

and you would clearly be lost any search engine placement with  
the name.
Much better to have a name for your software that is the only  
known
reference so that people can easily find you after having hear  
the name.
This is why so many companies go crazy and conjure completely  
strange and

nonsensical product names.


Apache related product are quickly highly ranked.


<snip>

Fifth, it seems like you're making preparations for something  
that you

don't
even know to be a problem.  Yes, the Apache legal team should be

consulted. However, it seems like jumping the gun to just start  
changing

package names
with anticipation of a name change.  You would be crazy to start
renaming

packages based on some unknown possibility that it has to happen  
in the

future.  What value does this add to the software?


None, clearly, except that at some point, it should be done.


Following the sigma-six and/or extreme programming world view, you
shouldn't
be making any change to your software until the change is actually
required
and value is added.  Do you have a pending lawsuit?


In any case, this is not something we should be waiting for.


Has the Apache council
suggested the change?



Three of this project's mentors has suggested that the name  
should be

changed. I wish we are all wrong, but I'm afraid we are not ...


Are you being blocked by the incubation process?  Why
even consider a change until it needs to be done.  Energy could be
better
spent on other matters.


This is a part of the incubation process :

"Make sure that the requested project name does not already exist  
and

check www.nameprotect.com to be sure that the name is not already
trademarked for an existing software product."

http://incubator.apache.org/projects/jsecurity.html, in Project  
setup.


<snip/>

I think you all are better just letting this thing ride until  
something

real

convicting suggests you need a change.  JSecurity is a great  
product

name
which you should stick with until otherwise needed.



But sadly, even if it's a good name, we think it's already used,  
even if

it's not trademarked. ("Trademarks exist by virtue of use, not just
registration.")


And, if that day comes,

Alcatraz is just simply the wrong name, in my humble opinion,  
for all

the
reasons mentioned above.

Thanks,


Thanks !


































					Reply via email to