directory-dev mailing list archives

From Steve Moyer
Subject OpenJDK Security Group Q&A
Date Thu, 22 Sep 2016 14:56:52 GMT

During the birds-of-a-feather session titled "OpenJDK Security Group: Discussion and Q&A"
on Tuesday night, there were relatively detailed discussions of what changes (plus and minus)
might be made in OpenJDK 9 and 10.  Once the module system (Jigsaw) is in place, there are
also plans to eliminate many of the restricted Sun classes and to hide others.

Those of us who have been careful not to use these restricted classes have often recreated
the code (in some facsimile).  Part of the discussion also focused on which classes would
be useful to the community if they were made public.  Since there is Kerberos protocol code
in the Kerberos implementation of the LoginContext and LDAP protocol code underlying JNDI
connections to LDAP, these are potential candidates.

The OpenJDK security group asked us to provide a list of what classes (or packages of classes)
might be useful to the community.  Here are some of the packages we discussed:

- GSSAPI Enhancements with more public methods (this is planned)
- SSLEngine (enhance and make more methods public)
- ASN.1

So ... what other categories of classes would be useful?  The Apache Directory project obviously
maintains code that performs the same functions - wouldn't it be nice if the JDK itself took
over some of the low-level protocol code (especially where it already exists)?  If we collect
a list in this email thread I'd be happy to pass it along.


“Object-oriented programming is an exceptionally bad idea which could only have originated
in California.” – Edsger Dijkstra
