The problem with authx is that it doesn't convey the other two areas that round out the project's functionality: Cryptography and Session Management.
And thanks for contributing suggestions. It is really hard to pick a name that clears multiple criteria, so I appreciate the effort :) On Mon, Mar 16, 2009 at 9:55 AM, Ben <[email protected]> wrote: > What about using terminology from JSecurity itself? > > something like : RealmSec > > ... or decoupling JSec from Java by claiming it stands for Just Security ? > > Similarly, it's common to refer to Authorization and Authentication as > Authz and Authc, so why not authx? That's quite cool? > > It seems like a real risk that you're going to just pick a sub-optimal name > on a whim here. Let the discussion carry on a while. > > At first glance, they all seem plausibly available. > > Kindest Regards, > > Ben > > > Les Hazlewood wrote: > >> Hi Kalle, >> >> Yes, I agree - it is a bit of a stretch for an abbreviation, but I was >> really looking for a random made-up word that _could_ be based on a more >> direct name for a security project. It seems like Aseca does alright in >> that space. >> >> I guess it might sound like Acegi a bit, but maybe because of my ignorance >> of Acegi, I just never thought of that. The other thing is that >> particular >> project is no longer called Acegi, and given that our name is different >> (enough) and founded based on an abbreviation (of sorts), I don't think >> we'd >> have any problems. >> >> I also thought of just using Asa or Asea, but there are many more search >> hits for those two terms and wouldn't give us decent google visibility >> (and >> might actually be a conflict, I'm not sure), whereas Aseca seems to be >> more >> ideal in the 'hit factor' department. At least it clears all the major >> criteria for finding a new name that I can think of... >> >> - Les >> >> On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen >> <[email protected]>wrote: >> >> >> >>> As an abbreviation, feels a bit forced, but as a random made-up word >>> Aseca >>> sounds alright. A bit close to Acegi, which could be good or bad and then >>> again, they renamed that project to Spring Security (Acegi 2 anyone? :) >>> >>> Kalle >>> >>> >>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <[email protected] >>> >>> >>>> wrote: >>>> Ok, I think I might have a winner here: >>>> >>>> Application SECurity Api (ASECA) >>>> >>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls >>>> off >>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket' >>>> project, and best, it does not have any existing software projects that >>>> I >>>> can find. In fact, there is only one decent match from google for the >>>> "Association of Securities and Exchange Commission Alumni", which I >>>> don't >>>> think anyone will disagree is _totally_ different and unrelated to our >>>> project. There are some PDFs that reference 'aseca', but none are >>>> >>>> >>> related >>> >>> >>>> to software or security. >>>> >>>> What do you guys think? This might be the best I can come up with... >>>> >>>> - Les >>>> >>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <[email protected] >>>> >>>> >>>>> wrote: >>>>> On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote: >>>>> >>>>> Now that I've had time to think about it more, if ASF and the >>>>> >>>>> >>>> Incubator >>> >>> >>>> are >>>>>> ok with 'Apache Security', I think we should try to use that as the >>>>>> project >>>>>> name. >>>>>> >>>>>> This would certainly open up the floodgates for lots of contributions >>>>>> >>>>>> >>>>> from >>>> >>>> >>>>> the ASF community and new ideas, given that it would have wider >>>>>> visibility. >>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to >>>>>> what >>>>>> they would want. I think that'd be great for the project's >>>>>> >>>>>> >>>>> livelihood, >>> >>> >>>> as >>>> >>>> >>>>> well as be nice for the ASF community as a place where they could >>>>>> consolidate and focus efforts. >>>>>> >>>>>> >>>>>> >>>>> That's the case for us right now. Interest in this project is based >>>>> >>>>> >>>> solely >>>> >>>> >>>>> on the product itself and the openness of the community, not by the >>>>> implication of the name. >>>>> >>>>> Mentors - do you think we could use that name? (Or Apache Security API >>>>> >>>>> >>>> or >>>> >>>> >>>>> Apache Security Framework, or whatever)? >>>>>> >>>>>> >>>>>> >>>>> There would be HUGE resistance from the other projects that are doing >>>>> >>>>> >>>> their >>>> >>>> >>>>> own security mechanisms. >>>>> >>>>> IMO, let a thousand flowers bloom. >>>>> >>>>> >>>>> Regards, >>>>> Alan >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny < >>>>>> >>>>>> >>>>> [email protected] >>>> >>>> >>>>> wrote: >>>>>>> >>>>>>> >>>>>> David Jencks wrote: >>>>>> >>>>>> >>>>>>> >>>>>>> >>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote: >>>>>>>> >>>>>>>> Per this thread: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> http://www.jsecurity.org/node/1081#comment-289 >>>>>>>>> >>>>>>>>> It appears that we can't use Ki. >>>>>>>>> >>>>>>>>> So far the development team seems to be happy with "Apache Security >>>>>>>>> API", >>>>>>>>> which can have (good) far reaching implications for a good quality >>>>>>>>> framework. Any objections? >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> I think it implies that this project is happy to include all java >>>>>>>> security >>>>>>>> work at apache. For instance, would you be happy to include a xamcl >>>>>>>> jacc >>>>>>>> implementation that did not use your Subject but rather the JAAS >>>>>>>> subject? >>>>>>>> It would certainly be a java security implementation but AFAICT has >>>>>>>> little >>>>>>>> to no overlap with what you are doing now. >>>>>>>> >>>>>>>> I think it also has a connotation that apache has somehow approved >>>>>>>> >>>>>>>> >>>>>>> your >>>> >>>> >>>>> api and all projects needing java security are expected to use it. >>>>>>>> >>>>>>>> Dunno if anyone else gets these ideas from the name but I do. And >>>>>>>> >>>>>>>> >>>>>>> I'm >>> >>> >>>> certainly not implying anything about the nature or quality of this >>>>>>>> project.... just that naming one project for the entire field of >>>>>>>> >>>>>>>> >>>>>>> which >>> >>> >>>> it is >>>>>>>> an example may not be without problems and implications. >>>>>>>> >>>>>>>> There is some implication that need to be overviewed, that's for >>>>>>>> >>>>>>>> >>>>>>> sure. >>>> >>>> >>>>> Now, >>>>>>> we may need a general security umbrella for many different project >>>>>>> related >>>>>>> to security. This could be a good starting point. >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> -- >>>>>>> >>>>>>> cordialement, regards, >>>>>>> Emmanuel Lécharny >>>>>>> www.iktek.com >>>>>>> directory.apache.org >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >> >> > >
