Re: Name change (again)

[Ben]

What about using terminology from JSecurity itself?

something like :  RealmSec
... or decoupling JSec from Java by claiming it stands for Just Security ?

Similarly, it's common to refer to Authorization and Authentication as 
Authz and Authc, so why not authx?  That's quite cool?

It seems like a real risk that you're going to just pick a sub-optimal 
name on a whim here. Let the discussion carry on a while.

At first glance, they all seem plausibly available.

Kindest Regards,

Ben

Les Hazlewood wrote:
Hi Kalle,

Yes, I agree - it is a bit of a stretch for an abbreviation, but I was
really looking for a random made-up word that _could_ be based on a more
direct name for a security project.  It seems like Aseca does alright in
that space.

I guess it might sound like Acegi a bit, but maybe because of my ignorance
of Acegi, I just never thought of that.  The other thing is that particular
project is no longer called Acegi, and given that our name is different
(enough) and founded based on an abbreviation (of sorts), I don't think we'd
have any problems.

I also thought of just using Asa or Asea, but there are many more search
hits for those two terms and wouldn't give us decent google visibility (and
might actually be a conflict, I'm not sure), whereas Aseca seems to be more
ideal in the 'hit factor' department.  At least it clears all the major
criteria for finding a new name that I can think of...

- Les

On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen
<kalle.o.korho...@gmail.com>wrote:

  
As an abbreviation, feels a bit forced, but as a random made-up word Aseca
sounds alright. A bit close to Acegi, which could be good or bad and then
again, they renamed that project to Spring Security (Acegi 2 anyone? :)

Kalle


On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlew...@apache.org
    
wrote:
      
Ok, I think I might have a winner here:

Application SECurity Api (ASECA)

Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
the toungue/easy to pronounce, it does not assume an Apache 'blanket'
project, and best, it does not have any existing software projects that I
can find.  In fact, there is only one decent match from google for the
"Association of Securities and Exchange Commission Alumni", which I don't
think anyone will disagree is _totally_ different and unrelated to our
project.  There are some PDFs that reference 'aseca', but none are
      
related
    
to software or security.

What do you guys think?  This might be the best I can come up with...

- Les

On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <l...@toolazydogs.com
      
wrote:
        
On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:

 Now that I've had time to think about it more, if ASF and the
        
Incubator
    
are
ok with 'Apache Security', I think we should try to use that as the
project
name.

This would certainly open up the floodgates for lots of contributions
          
from
      
the ASF community and new ideas, given that it would have wider
visibility.
Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
what
they would want.  I think that'd be great for the project's
          
livelihood,
    
as
      
well as be nice for the ASF community as a place where they could
consolidate and focus efforts.

          
That's the case for us right now.  Interest in this project is based
        
solely
      
on the product itself and the openness of the community, not by the
implication of the name.

 Mentors - do you think we could use that name? (Or Apache Security API
        
or
      
Apache Security Framework, or whatever)?

          
There would be HUGE resistance from the other projects that are doing
        
their
      
own security mechanisms.

IMO, let a thousand flowers bloom.


Regards,
Alan



        
On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
          
elecha...@apache.org
      
wrote:
            
 David Jencks wrote:
          
            
On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:

Per this thread:

              
http://www.jsecurity.org/node/1081#comment-289

It appears that we can't use Ki.

So far the development team seems to be happy with "Apache Security
API",
which can have (good) far reaching implications for a good quality
framework.  Any objections?


                
I think it implies that this project is happy to include all java
security
work at apache.  For instance, would you be happy to include a xamcl
jacc
implementation that did not use your Subject but rather the JAAS
subject?
It would certainly be a java security implementation but AFAICT has
little
to no overlap with what you are doing now.

I think it also has a connotation that apache has somehow approved
              
your
      
api and all projects needing java security  are expected to use it.

Dunno if anyone else gets these ideas from the name but I do.  And
              
I'm
    
certainly not implying anything about the nature or quality of this
project.... just that naming one project for the entire field of
              
which
    
it is
an example may not be without problems and implications.

 There is some implication that need to be overviewed, that's for
              
sure.
      
Now,
we may need a general security umbrella for many different project
related
to security. This could be a good starting point.


--
--

cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org