Just You, Just Me
Maintaining identity and credentials
A while back, Denis Pilupchuk wrote a definitive analysis of the relative strengths and weaknesses of Java and .NET security for ONJava. This exhaustive comparison nearly got me killed by my copy-editor (most feature articles run about 2,000 words; the final installment of the series was well over 7,000), and got into serious depth about not just the obvious issues security API's should handle, but also cryptography, code protection, code containment, user authentication and access, and how far each of the approaches you got you. By the way, you can buy this whole series as an inexpensive 80-page PDF from O'Reilly's online store.
But that series was written a few years ago, and standards have updated since then. In particular, Java Authentication and Authorization Service (JAAS) was added to the JDK a while back, so that should be a common solution for everyone right? Not so fast. Denis reports that it's had a hard time integrating into EE, and in many cases, vendors have implmented proprietary and mutually incompatible approaches to dealing with JAAS/EE non-integration. This problem is compounded by the emergence of service-oriented architecture and the need to provide a common security model across heterogenous services. Denis writes: "Many enterprises with heavy investments into Java technologies have already developed sophisticated JAAS-based security stacks, both on Java SE and EE platforms. Therefore, the task at hand is to define ways for taking such JAAS-based security services to the next level, to help in linking SOA services."
In Java Today,
The Project Looking Glass team has posted a forum message detailing their plans for a 1.0 release. "'Panorama' is the code name that the LG core team members
have been using to describe the desktop aspect of LG. (As opposed to 'AppKit' which denotes the application library
aspect of LG). I just posted on the LG Twiki the plan for
Panorama Release 1.0. The main focus of this release is
stability and bug fixes. There are no new major features
planned at this time." The wiki page can be found in the Java Desktop wiki, under InfoReleases.
The Tidal Blog has a summary of the first day of the 10th Jini Community Meeting, currently wrapping up in Brussels, in the entry 10th Jini Meeting - Day +1. "One of the most interesting talks was the thought-provoking 'Beyond the choir' by Daniel Steinberg. The point was the usual paradox with Jini: it has proved to be reliable, good, substantially easy to work with, in a few words 'it works', BUT it's still a niche technology, ten years after its introduction. Is there any hidden problem lingering around?"
Key Indicator Data Systems, represented in the kids2 project, is a free GIS mapping software under development for over five years. Supported by grants from the Food and Agriculture Organization of the United Nations (FAO) and other funding bodies, KIDS is being used by numerous educational, government, and non-governmental agencies for thematic mapping and spatial analysis of indicator data.
You may think you're clever to use red text to indicate some important state in your GUI, but the red-green colorblind user is never going to see it. In today's Weblogs, Kirill Grouchnikov discusses How color-blind people see your UIs:
"According to medical studies, eight to ten percent of male population suffers from some kind of color blindness (the figure for female population is much lower). What does it mean to the average Swing developer? Well, if you rely too much on color differences, you may be not conveying the information as well as you thought."
JPRT: Build/Test System for the JDK, Kelly O'Hair reports:
"I did a little blogging on JPRT [on blogs.sun.com] but that was mostly to talk about the COOL rack of Sun hardware that I used. Now I want to talk a little more about why we need something like JPRT, and what it does for us."
Jim Hurley seems to be having a good time at the 10th Jini Community Meeting in Brussels, and says
Hey EuroOSCON! We're planning on leaving the place "messy"!
"The Meeting is open and free (like the technology), so if you're in early for EuroOSCON, you're invited to stop by."
In today's Forums,
rturnbull questions some old Swing rules-of-thumb in the thread
Re: Closures and Swing:
"> [snip] Most experienced Swing developers don't use action listeners we use Actions. Why? Other people have said the same thing. I quote from the Action javadoc: "Note that Action implementations tend to be more expensive in terms of storage than a typical ActionListener, which does not offer the benefits of centralized control of functionality and broadcast of property changes. For this reason, you should take care to only use Actions where their benefits are desired, and use simple ActionListeners elsewhere." It seems to me Actions should only be used where you have two or more components that invoke the same action, e.g. a menu entry and a toolbar button."
Bill Snyder offers his feedback on the latest SwingX component in
Re: JXStatusBar ready for public review:
"I really like the idea of having a status bar component that I can plug any bean into, rather whan having a generic JPanel subclass where the message and progress indicator is always in the same place. (Though I think common use cases like this should be readily available). Is there going to be a SwingLabs StatusBar and a JSR296 StatusBar?"
In today's java.net
News Headlines :
Faceless PDF Library 2.7.2
- Roma Framework
- iText 1.4.5
- Web Services
Description Language for Java 1.5.3
- JNIEasy 1.1 -
Registered users can submit news items for the
href="http://today.java.net/today/news/">java.net News Page using our
form. All submissions go through an editorial review before being
posted to the site. You can also subscribe to the href="http://today.java.net/pub/q/news_rss?x-ver=1.0">java.net News RSS
Current and upcoming Java
- September 12-14 - JavaZone 2006
- September 12-15 - Enterprise Java Architecture Workshop Chicago
- September 13-14 - 10th Jini Community Meeting
- September 15-17 - Pacific Northwest Software Symposium 2006
- September 22-24 - Western Canada Java Software Symposium 2006
- September 25-29 - Java Training Philippines
- September 29-October 1 - New England Software Symposium 2006: Fall Edition
- October 1-6 - JAOO
- October 3-4 - AjaxWorld Conference & Expo
- October 6-8 - Greater Atlanta Software Symposium 2006
- October 11 - NL-JUG: J-Fall
- October 13-15 - Bay Area Software Symposium 2006
- October 20-22 - Greater Toronto Software Symposium 2006
- October 23-25 - The Ajax Experience: Boston
- October 27-29 - Lone Star Software Symposium 2006: Dallas Edition
Registered users can submit event listings for the
href="http://www.java.net/events">java.net Events Page using our
href="http://today.java.net/cs/user/create/e">events submission form.
All submissions go through an editorial review before being posted to the
Archives and Subscriptions: This blog is delivered weekdays as
Today RSS feed. Also, once this page is no longer featured as the
front page of java.net it will be
archived along with other past issues in the href="http://today.java.net/today/archive/">java.net Archive.
Maintaining identity and credentials