Werner Keil

This is applied, thanks @evanjs for the patch. Could everyone (also @addict3d, maybe @andi-huber) check it out in the 2.2-SNAPSHOT build of Indriya? Changing the status to "in Review", if...

@waynebeaton, @ivargrimstad Is that an acceptable practice, also for other specs including [MVC](https://www.mvc-spec.org/) or NoSQL, or [CDI-Spec](http://www.cdi-spec.org/), although that has a different logo now anyway? [NoSQL.org](http://www.jnosql.org/) is a bit different...

Eclipse and with it also "EE4J" I guess have slightly different restrictions or permissions than your average JUG or a random Open Source project on GitHub. Please clarify with @ivargrimstad,...

Thanks for the clarification, I assume regardless of spec or implementation projects this also applies to [JNoSQL](http://www.jnosql.org/).

@arjantijms As this looks like a bug or problem it may be due for the Jakarta EE 8 branch. What are the planned versions of Jakarta Security that should contribute...

That sounds very specific. We don't have anything for **OAuth** either, so what about OAuth2? https://auth0.com/docs/protocols/openid-connect-protocol and similar sites clearly state, that OpenIDConnect is just a layer and extension to...

As long as they are properly separated and isolated from each other, I don't see a problem with an "oidc" or "oic" package similar to what we got with "http"...

Then what's the benefit of adding something new to the spec/API that maybe not every implementor wishes to support? There was a discussion about [Optional Features](https://docs.google.com/document/d/1O5MnbQRn8RWkM4BpJth9VqGfhKLBZfFzK_fpIyZ_2vw/edit) today in the Spec...

Even if there may not be any optionality on this level (e.g. in the TCK) we should get a little more modular and break the API into modules like `jakarta.security.enterprise.authentication.mechanism.http`...

Where would the list be by now? And what about https://github.com/eclipse-ee4j/security-api/pull/185 ?