Regarding java.security.acl Package Deprecation

Rosha, Ken (krosha@pdi-corp.com)
Wed, 14 Jul 1999 08:46:00 -0500

Message-Id: <199907141341.GAA20794@mail.java.sun.com>
From: "Rosha, Ken" <krosha@pdi-corp.com>
To: "Java Security @ java.sun.com" <java-security@java.sun.com>
Subject: Regarding java.security.acl Package Deprecation
Date: Wed, 14 Jul 1999 08:46:00 -0500

I've seen in the javadocs for this package, and in various other places,
that the java.security.acl package is/will be deprecated or superseded.

I've looked at the other existing Java security packages, and I see no
equivalent functionality for creating ACLs which are associated with users
of Java applications.

Very shortly, our company will begin development of web-enabled,
distributed, server-based applications, in which we will need to
authenticate users of our applications, and to validate their authorizations
to our applications. One of the very first applications we build will be a
User Management application for setting up users and groups, and granting
permissions to them within our other applications.

The java.security.acl package seemed to have some of the base functionality
which we need, but if it is going to be deprecated, we do not want to use
it. Also, I've also read that the Java Authentication and Authorization
Service (JAAS) API will not be available until the 'kestrel' (JDK1.3
release).

The other Java security packages (java.security,
java.security.java.security.cert, java.security.interfaces,
java.security.spec) do not appear to have any sort of a user
authentication/authorization focus.

I would appreciate any help/direction which you could provide. Our need is
immediate.

Ken Rosha

krosha@pdi-corp.com

612-573-7746

Personnel Decisions International Corp.
900 Peavey, 730 Second Avenue South
Minneapolis, MN 55402