From YouTube: Jakarta Security | JakartaOne Livestream 2021
Description
Jakarta EE gives developers a comprehensive set of vendor-neutral, open specifications that are used for developing modern, cloud native Java applications from the ground up. With Jakarta EE, technology developers and consumers can be confident they have the best technologies for developing cloud native, mission-critical applications. And they can build on decades of Java developer expertise to move existing workloads to the cloud.
Learn more: https://jakarta.ee/
Follow us on Twitter: https://twitter.com/home
Follow us on LinkedIn: https://www.linkedin.com/showcase/jakartaee/
Like us on Facebook: https://www.facebook.com/JakartaEE/
A
And welcome back, we're here in.
A
And this time, this session, we're gonna talk about security, and security is more important than ever, and with us here to talk about the Jakarta Security specifications are Werner Keil, so welcome badler.
B
First, just a very brief overview about myself, so I I work in many open source projects, work as a software architect and developer anywhere from.
B
An obsolete of two JSRs in the Java Community Process and also currently the committee member in the Jakarta EE Specification Committee, so the Jakarta EE security specs are currently made up of three pillars. If you want: Jakarta Authentication, Jakarta Authorization and Jakarta Security.
B
There are two ways that Jakarta EE supports the configuration of an application and the security functionalities: either using the standard APIs, or you can also go through the runtime or server specific ones, or a combination of both.
B
So the first spec, Jakarta Authentication, is a portable API for authentication mechanisms.
B
It abstracts how to access the identity store against which to authenticate, it's usually quite simple to configure, it's extensible to support protocols, for example OAuth and OpenID Connect with Jakarta EE 10. There will also be some of it that comes out of the box.
B
And then, on the application level, we have Jakarta Security, which is often the only spec or API that users deal with. So they often don't realize that they also use the other two, because they're usually hidden under the hood, and Jakarta Security is the one that actually exposes all the three of them to the end users and the applications. It standardizes the terminology, there's an API for the authentication mechanisms, again on top of Jakarta Authentication, there's an identity store, a security context and a role permission assignment.
B
So with Jakarta EE 10 each of these specs will be upgraded. Authorization, as you see on the, on the second digit, probably has the the smallest changes, while the other two are both released in version 3.0.
B
In Jakarta Authentication there will be new and updated profiles, especially the servlet container light profile, a REST profile, while the SOAP profile is declared as stable. So that means eventually in the future version it may also become optional, but at the moment it's declared stable.
B
Now, together with Arjan, who, I guess most of you will have listened to his session a little earlier today, with Teo Bais from the Java user group, the three of us are working on a book called The Definitive Guide to Jakarta EE Security, dealing with all these three mentioned specs, including an outlook to Jakarta EE 10 and also looking at some of the other frameworks out there, for example, are Spring Security or Keycloak, as well as how they can interact with Jakarta EE and where the differences are and where, for example, several of these also built on top of Jakarta EE or earlier versions on the Java EE and how you can make them work together for the best security support of your applications.
A
Yeah, so anyone who has any questions for Werner can post them in in the broadcast chat or in the question section there, and if we don't have time to answer all these questions here, Werner, I'm sure you will join the the chat session afterwards and answer all the questions there.
A
So and, and you said your book will be available later this year or, no, early next year, yes, early next year, so are there any previews that people can can look at or or something like that?
B
I believe we spoke to the editors about the preview program. Teo asked about it, so if previews are available, then please also follow the Jakarta Sec Book Twitter handle, it's also here on the on the slides. So if there are questions or comments or something directly to myself, then please use my personal Twitter handle, and otherwise feel free to follow or ask the Jakarta Sec Book handle for news about the book or those of you who are interested to do a an early review.
B
Make sure that those of you who are interested get a get an early access to it and yeah.
B
Sure, if the book will be printed on paper, or at least as an e-book, but since, together with you eva, we are also fingers crossed in a person, be able to talk about this at JavaLand. So there will definitely be more about it because in an ideal world the book should already be available, or at least this as an early preview. And maybe, if I already have the book I can, I could also offer it to to the audience there.
A
Days so so, and and I'm very happy to see the stuff that is being done in the security spec and and if there are anybody out there who wants to participate, then there are lots of stuff happening on the GitHub issue tracker, on the mailing list, so so to join the discussion and and even contribute code by submitting pull requests. But like the OpenID Connect functionality, I think was contributed more or less via broadcast.
B
Yes, I think a lot of it was done with the help of Payara, but other than that, this, this spec is one of the good examples that are driven by almost entirely individuals and not one or two big vendors. So, while of course, we have a lot of specs that are driven by Red Hat, IBM, Oracle and other companies, here, of course, there is some great help by Payara, but a lot of the stuff is also done by individuals, including myself and, of course, Arjan, who leads all of these three specs, so yeah.
B
It's definitely something that is similar to a few of the other specs. We also see that in REST, I believe, where we have some dedicated individuals, or in the sequel, so many of those new specs that come up are driven more by individual contributors and members of the community and not entirely and not exclusively by big or smaller companies.
B
And, of course, if some of you are interested in security and you want to participate, more help is definitely welcome. Yeah.
A
The the the programming models and and the configuration of security and allowing the developers to do this within the application. So you don't need to be a security expert to create a secure, secure application.
C
So I think we need to wrap up and and move along, but Werner, thank you so much and especially highlighting your book and Jakarta Security book. So we'll move along, we'll. Thank you again and see you in just a couple of minutes, we'll just switch and pull everyone in into the following session of the Crowdcast.