tag:blogger.com,1999:blog-6940728126479075612.post8210570906137874481..comments2023-02-18T06:09:34.778-06:00Comments on Anil's Security & Identity Management Blog: Security is way underspecified in Java EEUnknownnoreply@blogger.comBlogger1125tag:blogger.com,1999:blog-6940728126479075612.post-12564048285068284472008-03-03T01:49:00.000-06:002008-03-03T01:49:00.000-06:00Well said, Anil.Something that shouldn't be overlo...Well said, Anil.<BR/><BR/>Something that shouldn't be overlooked is authorization for web services as well. An authz framework that handles web/servlet, EJB, portlets, web services and the like would be fantastic.<BR/><BR/>I think the biggest benefit of a unified framework would be the standard way of passing user credentials and user context from the app server to the security layer. This is something that's really, really lacking.<BR/><BR/>(This is Craig from IBM... I can't work out how to link this comment back to my personal site?)Craighttps://www.blogger.com/profile/13240223578448611381noreply@blogger.com