Name change (again)

[Les Hazlewood <lh...@apache.org>]

Per this thread:

http://www.jsecurity.org/node/1081#comment-289

It appears that we can't use Ki.

So far the development team seems to be happy with "Apache Security API",
which can have (good) far reaching implications for a good quality
framework.  Any objections?

- Les

Re: Name change (again)

[Ben <be...@autonomic.net>]

What is the vision for JSecurity?  Where is it heading? Is it a firm 
intention to support more than Java?

There are so many good points about the impact of the name on 
perceptions of the system that it might be worth having another 
discussion about what the system is, and how it is desired to be perceived?

Ben

Ben wrote:
> I second that. Ki was just downright obscure.
>
> Ben
>
> Tim Veil wrote:
>> for what its worth, I think Apache Security or Apache Security API 
>> sounds pretty darn cool.  If I were evaluating security frameworks, i 
>> would put this framework at the top of the list  because of the 
>> apache name alone.  the name is direct, self explanatory and 
>> permanently fixed to a fairly recognizable brand ;)
>>
>> Tim
>>
>>
>> On Mar 12, 2009, at 6:47 PM, Emmanuel Lecharny wrote:
>>
>>> Kalle Korhonen wrote:
>>>> On Thu, Mar 12, 2009 at 3:24 PM, Emmanuel Lecharny 
>>>> <el...@apache.org>wrote:
>>>>
>>>>
>>>> Is it up for a bet?
>>> It was just a joke :)
>>>> I'm just saying that if that thread was the only
>>>> discussion on it, it looked indecisive. If Les had more private 
>>>> discussion
>>>> with the company's representatives then it'd be entirely different 
>>>> matter.
>>>> Have you or anybody asked ASF legal? If legal is not available for 
>>>> exactly
>>>> these types of questions, then I don't know what its purpose is.
>>>>
>>> Just FYI, it's now more than two months we are discussing about this 
>>> name issue. If we decided to switch from JSecurity to Ki, it was 
>>> because Juniper Computer is already using J-Security. It appears 
>>> that the FlyerWhatever company is also using Ki, and they made us 
>>> know about it.
>>>
>>> I don't want to rehash the hundred (almost) of mails exchanged, but 
>>> be sure we already asked Legal about that, and Legal don't care, 
>>> unless we get sued. Legal don't have the time nor the men to deal 
>>> with name collision. It's up to us to find a name unlikely to be 
>>> jeopardized by an existing name.
>>>
>>> We thought that Ki was safe, and agreed about it. Bad move, and this 
>>> is very unfortunate. But in any case, we don't have time nor money 
>>> to start a dispute about the Ki name, and it's more likely that we 
>>> would lost less time discussing about a new name than trying to 
>>> unforce the existing one.
>>>
>>> I'm not pleased at all about this situation, trust me on that.
>>>
>>> PS: http://www.apache.org/legal/. This will give you some info about 
>>> what Legal is about.
>>>
>>>
>>> -- 
>>> -- 
>>> cordialement, regards,
>>> Emmanuel Lécharny
>>> www.iktek.com
>>> directory.apache.org
>>>
>>>
>>
>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

That was sort of the point though.  Web 2.0y names are always obscure,
specifically because they don't have any existing name conflicts.  Twitter,
Hadoop, Gump, etc, etc.  They are purposefully obscure.  In JSecurity's
case, there wasn't a single English language security word that we felt was
viable that wasn't already taken or in use, so we had to resort to obscure
names.

On Thu, Mar 12, 2009 at 7:13 PM, Ben <be...@autonomic.net> wrote:

> I second that. Ki was just downright obscure.
>
> Ben
>
>
> Tim Veil wrote:
>
>> for what its worth, I think Apache Security or Apache Security API sounds
>> pretty darn cool.  If I were evaluating security frameworks, i would put
>> this framework at the top of the list  because of the apache name alone.
>>  the name is direct, self explanatory and permanently fixed to a fairly
>> recognizable brand ;)
>>
>> Tim
>>
>>
>> On Mar 12, 2009, at 6:47 PM, Emmanuel Lecharny wrote:
>>
>>  Kalle Korhonen wrote:
>>>
>>>> On Thu, Mar 12, 2009 at 3:24 PM, Emmanuel Lecharny <
>>>> elecharny@apache.org>wrote:
>>>>
>>>>
>>>> Is it up for a bet?
>>>>
>>> It was just a joke :)
>>>
>>>> I'm just saying that if that thread was the only
>>>> discussion on it, it looked indecisive. If Les had more private
>>>> discussion
>>>> with the company's representatives then it'd be entirely different
>>>> matter.
>>>> Have you or anybody asked ASF legal? If legal is not available for
>>>> exactly
>>>> these types of questions, then I don't know what its purpose is.
>>>>
>>>>  Just FYI, it's now more than two months we are discussing about this
>>> name issue. If we decided to switch from JSecurity to Ki, it was because
>>> Juniper Computer is already using J-Security. It appears that the
>>> FlyerWhatever company is also using Ki, and they made us know about it.
>>>
>>> I don't want to rehash the hundred (almost) of mails exchanged, but be
>>> sure we already asked Legal about that, and Legal don't care, unless we get
>>> sued. Legal don't have the time nor the men to deal with name collision.
>>> It's up to us to find a name unlikely to be jeopardized by an existing name.
>>>
>>> We thought that Ki was safe, and agreed about it. Bad move, and this is
>>> very unfortunate. But in any case, we don't have time nor money to start a
>>> dispute about the Ki name, and it's more likely that we would lost less time
>>> discussing about a new name than trying to unforce the existing one.
>>>
>>> I'm not pleased at all about this situation, trust me on that.
>>>
>>> PS: http://www.apache.org/legal/. This will give you some info about
>>> what Legal is about.
>>>
>>>
>>> --
>>> --
>>> cordialement, regards,
>>> Emmanuel Lécharny
>>> www.iktek.com
>>> directory.apache.org
>>>
>>>
>>>
>>
>

Re: Name change (again)

[Ben <be...@autonomic.net>]

I second that. Ki was just downright obscure.

Ben

Tim Veil wrote:
> for what its worth, I think Apache Security or Apache Security API 
> sounds pretty darn cool.  If I were evaluating security frameworks, i 
> would put this framework at the top of the list  because of the apache 
> name alone.  the name is direct, self explanatory and permanently 
> fixed to a fairly recognizable brand ;)
>
> Tim
>
>
> On Mar 12, 2009, at 6:47 PM, Emmanuel Lecharny wrote:
>
>> Kalle Korhonen wrote:
>>> On Thu, Mar 12, 2009 at 3:24 PM, Emmanuel Lecharny 
>>> <el...@apache.org>wrote:
>>>
>>>
>>> Is it up for a bet?
>> It was just a joke :)
>>> I'm just saying that if that thread was the only
>>> discussion on it, it looked indecisive. If Les had more private 
>>> discussion
>>> with the company's representatives then it'd be entirely different 
>>> matter.
>>> Have you or anybody asked ASF legal? If legal is not available for 
>>> exactly
>>> these types of questions, then I don't know what its purpose is.
>>>
>> Just FYI, it's now more than two months we are discussing about this 
>> name issue. If we decided to switch from JSecurity to Ki, it was 
>> because Juniper Computer is already using J-Security. It appears that 
>> the FlyerWhatever company is also using Ki, and they made us know 
>> about it.
>>
>> I don't want to rehash the hundred (almost) of mails exchanged, but 
>> be sure we already asked Legal about that, and Legal don't care, 
>> unless we get sued. Legal don't have the time nor the men to deal 
>> with name collision. It's up to us to find a name unlikely to be 
>> jeopardized by an existing name.
>>
>> We thought that Ki was safe, and agreed about it. Bad move, and this 
>> is very unfortunate. But in any case, we don't have time nor money to 
>> start a dispute about the Ki name, and it's more likely that we would 
>> lost less time discussing about a new name than trying to unforce the 
>> existing one.
>>
>> I'm not pleased at all about this situation, trust me on that.
>>
>> PS: http://www.apache.org/legal/. This will give you some info about 
>> what Legal is about.
>>
>>
>> -- 
>> -- 
>> cordialement, regards,
>> Emmanuel Lécharny
>> www.iktek.com
>> directory.apache.org
>>
>>
>

Re: Name change (again)

[Tim Veil <tj...@gmail.com>]

for what its worth, I think Apache Security or Apache Security API  
sounds pretty darn cool.  If I were evaluating security frameworks, i  
would put this framework at the top of the list  because of the apache  
name alone.  the name is direct, self explanatory and permanently  
fixed to a fairly recognizable brand ;)

Tim


On Mar 12, 2009, at 6:47 PM, Emmanuel Lecharny wrote:

> Kalle Korhonen wrote:
>> On Thu, Mar 12, 2009 at 3:24 PM, Emmanuel Lecharny <elecharny@apache.org 
>> >wrote:
>>
>>
>> Is it up for a bet?
> It was just a joke :)
>> I'm just saying that if that thread was the only
>> discussion on it, it looked indecisive. If Les had more private  
>> discussion
>> with the company's representatives then it'd be entirely different  
>> matter.
>> Have you or anybody asked ASF legal? If legal is not available for  
>> exactly
>> these types of questions, then I don't know what its purpose is.
>>
> Just FYI, it's now more than two months we are discussing about this  
> name issue. If we decided to switch from JSecurity to Ki, it was  
> because Juniper Computer is already using J-Security. It appears  
> that the FlyerWhatever company is also using Ki, and they made us  
> know about it.
>
> I don't want to rehash the hundred (almost) of mails exchanged, but  
> be sure we already asked Legal about that, and Legal don't care,  
> unless we get sued. Legal don't have the time nor the men to deal  
> with name collision. It's up to us to find a name unlikely to be  
> jeopardized by an existing name.
>
> We thought that Ki was safe, and agreed about it. Bad move, and this  
> is very unfortunate. But in any case, we don't have time nor money  
> to start a dispute about the Ki name, and it's more likely that we  
> would lost less time discussing about a new name than trying to  
> unforce the existing one.
>
> I'm not pleased at all about this situation, trust me on that.
>
> PS: http://www.apache.org/legal/. This will give you some info about  
> what Legal is about.
>
>
> -- 
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Kalle Korhonen wrote:
> On Thu, Mar 12, 2009 at 3:24 PM, Emmanuel Lecharny <el...@apache.org>wrote:
>
>   
>
> Is it up for a bet?
It was just a joke :)
>  I'm just saying that if that thread was the only
> discussion on it, it looked indecisive. If Les had more private discussion
> with the company's representatives then it'd be entirely different matter.
> Have you or anybody asked ASF legal? If legal is not available for exactly
> these types of questions, then I don't know what its purpose is.
>   
Just FYI, it's now more than two months we are discussing about this 
name issue. If we decided to switch from JSecurity to Ki, it was because 
Juniper Computer is already using J-Security. It appears that the 
FlyerWhatever company is also using Ki, and they made us know about it.

I don't want to rehash the hundred (almost) of mails exchanged, but be 
sure we already asked Legal about that, and Legal don't care, unless we 
get sued. Legal don't have the time nor the men to deal with name 
collision. It's up to us to find a name unlikely to be jeopardized by an 
existing name.

We thought that Ki was safe, and agreed about it. Bad move, and this is 
very unfortunate. But in any case, we don't have time nor money to start 
a dispute about the Ki name, and it's more likely that we would lost 
less time discussing about a new name than trying to unforce the 
existing one.

I'm not pleased at all about this situation, trust me on that.

PS: http://www.apache.org/legal/. This will give you some info about 
what Legal is about.


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Kalle Korhonen <ka...@gmail.com>]

On Thu, Mar 12, 2009 at 3:24 PM, Emmanuel Lecharny <el...@apache.org>wrote:

> Kalle Korhonen wrote:
>
>> Uh huh.. per that thread though, it doesn't sound like Ki is completely
>> out
>> of limits. Especially if this is branded as Apache Ki, I think there's
>> very
>> little possibility for confusion with "Ki certification".
>>
>>
> I won't pay some lawyer on my own money to have the pleasure to use Apache
> Ki. Nor will The ASF... Do you have a few ten of thousands $ just to bet ?
>
>
Is it up for a bet? I'm just saying that if that thread was the only
discussion on it, it looked indecisive. If Les had more private discussion
with the company's representatives then it'd be entirely different matter.
Have you or anybody asked ASF legal? If legal is not available for exactly
these types of questions, then I don't know what its purpose is.

Kalle

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Kalle Korhonen wrote:
> Uh huh.. per that thread though, it doesn't sound like Ki is completely out
> of limits. Especially if this is branded as Apache Ki, I think there's very
> little possibility for confusion with "Ki certification".
>   
I won't pay some lawyer on my own money to have the pleasure to use 
Apache Ki. Nor will The ASF... Do you have a few ten of thousands $ just 
to bet ?

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Kalle Korhonen <ka...@gmail.com>]

Uh huh.. per that thread though, it doesn't sound like Ki is completely out
of limits. Especially if this is branded as Apache Ki, I think there's very
little possibility for confusion with "Ki certification".

Kalle


On Thu, Mar 12, 2009 at 11:50 AM, Les Hazlewood <lh...@apache.org>wrote:

> Per this thread:
>
> http://www.jsecurity.org/node/1081#comment-289
>
> It appears that we can't use Ki.
>
> So far the development team seems to be happy with "Apache Security API",
> which can have (good) far reaching implications for a good quality
> framework.  Any objections?
>
> - Les
>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Oh yeah, thanks for the reminder!  I'll see if I can squeeze that in (I
might have to work tomorrow :/)

On Fri, Mar 13, 2009 at 1:41 PM, Emmanuel Lecharny <el...@apache.org>wrote:

> Les Hazlewood wrote:
>
>> I can't make the one in Amsterdam later this month - my project schedule
>> here is at a breakneck pace and there is no time to leave :/
>>
>> But yes, please open the discussion.  I can't speak for others of course,
>> but I'll be available by phone (con call) or Skype or whatever if you
>> want/need to pull me in to any discussions to talk about architectural
>> details or implementation techniques.
>>
>>
> I know that Craig will be there, at least, so will Alex (even if he is a
> know former mentor). I don't know about Alan.
>
>> Cheers,
>>
>> Les
>>
>> P.S.  I'm going to try to go to the U.S. one in Oakland in November...
>>
>>
> Remember that you have one more day to post a proposal for a talk. It
> closes on arch, 14th !
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> I can't make the one in Amsterdam later this month - my project schedule
> here is at a breakneck pace and there is no time to leave :/
>
> But yes, please open the discussion.  I can't speak for others of course,
> but I'll be available by phone (con call) or Skype or whatever if you
> want/need to pull me in to any discussions to talk about architectural
> details or implementation techniques.
>   
I know that Craig will be there, at least, so will Alex (even if he is a 
know former mentor). I don't know about Alan.
> Cheers,
>
> Les
>
> P.S.  I'm going to try to go to the U.S. one in Oakland in November...
>   
Remember that you have one more day to post a proposal for a talk. It 
closes on arch, 14th !

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

I can't make the one in Amsterdam later this month - my project schedule
here is at a breakneck pace and there is no time to leave :/

But yes, please open the discussion.  I can't speak for others of course,
but I'll be available by phone (con call) or Skype or whatever if you
want/need to pull me in to any discussions to talk about architectural
details or implementation techniques.

Cheers,

Les

P.S.  I'm going to try to go to the U.S. one in Oakland in November...

On Fri, Mar 13, 2009 at 1:21 PM, Emmanuel Lecharny <el...@apache.org>wrote:

> Les Hazlewood wrote:
>
>> Now that I've had time to think about it more, if ASF and the Incubator
>> are
>> ok with 'Apache Security', I think we should try to use that as the
>> project
>> name.
>>
>> This would certainly open up the floodgates for lots of contributions from
>> the ASF community and new ideas, given that it would have wider
>> visibility.
>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>> what
>> they would want.  I think that'd be great for the project's livelihood, as
>> well as be nice for the ASF community as a place where they could
>> consolidate and focus efforts.
>>
>> Mentors - do you think we could use that name? (Or Apache Security API or
>> Apache Security Framework, or whatever)?
>>
>>
> If you don't mind, I would like to use the window of opportunity opening in
> two weeks to discuss that with other Apache fellows, as the ApacheCon starts
> soon.
>
> Will you or some JSecurity/KI fellows be there ?
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> Now that I've had time to think about it more, if ASF and the Incubator are
> ok with 'Apache Security', I think we should try to use that as the project
> name.
>
> This would certainly open up the floodgates for lots of contributions from
> the ASF community and new ideas, given that it would have wider visibility.
> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to what
> they would want.  I think that'd be great for the project's livelihood, as
> well as be nice for the ASF community as a place where they could
> consolidate and focus efforts.
>
> Mentors - do you think we could use that name? (Or Apache Security API or
> Apache Security Framework, or whatever)?
>   
If you don't mind, I would like to use the window of opportunity opening 
in two weeks to discuss that with other Apache fellows, as the ApacheCon 
starts soon.

Will you or some JSecurity/KI fellows be there ?

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> What is the PRC? and what is the mailing list that I should post to? :)
>   
Oops, sorry, I forgot to gave the information :/ PRC is Press Release 
Comitee, they are the one in charge for everything about brand. So the 
mailing list is prc@apache.org. Just send a mail mentionnaing a quick 
history about the name selection. It would be helpfull to give them some 
feedback about the reasons why we wanted to change the name to Ki and 
why we currently have another issue with this name. As they won't read 
the full thread (200 mails !), keep it as short as possible, as neutral 
as possible, and as factual as possible, in order for them to be able to 
give us valuable advices.

Many thanks Lez for hanlding that ! Sorry for not doing it myself, I 
have a train to take in half an hour.

Let's kill the issue fast. It has last far too much ...

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

What is the PRC? and what is the mailing list that I should post to? :)

Thanks!

Les

On Fri, Mar 27, 2009 at 10:21 AM, Emmanuel Lecharny <el...@apache.org>wrote:

> Les Hazlewood wrote:
>
>> There is no C&D notification of any sort, which is why I doubt this is an
>> issue - different IP domain entirely and NO registered trademarks or
>> patents.  If you look at the email post (http://jsecurity.org/node/1081),
>> what he's really saying is "we expect that a different name would be
>> chosen
>> as to not confuse members of either community", say, when seeing google
>> search listings.
>>
>>
> Whatever. Just post the mail to PRC, and let's follow the discussion
> there...
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

No worries Ben :)  I hope you enjoy using it!

Cheers,

Les

On Mon, Apr 6, 2009 at 9:30 AM, Ben <be...@autonomic.net> wrote:

> It's ok Les, I was only leg pulling, apologies for causing a distraction
> rather than a titter.
>
> Apache Ki sounds very good.
>
> Regards,
> Ben
>
> Les Hazlewood wrote:
>
>> Hi Ben,
>>
>> That might not be too fair - I at least (and I'm sure others as well) have
>> given proper thought to every suggestion posted on this list.  Its just
>> that
>> most suggestions didn't form enough consensus to move forward to a vote.
>> But, in any case - that's not what we're talking about in this thread -
>> we're talking about whether or not we should change the name yet again. :/
>>
>> My thought is that, as long as it is called Apache Ki, I'm fairly certain
>> that no one has to worry.  'Ki' is not the official name for the project -
>> its just a shortcut for simple reference.  The formal name is 'Apache Ki',
>> and as such, there can be no conflict with any other entity that is not in
>> the software security domain and doesn't even have Trademarks or Patents.
>>
>> Regards,
>>
>> Les
>>
>> On Mon, Apr 6, 2009 at 5:30 AM, Ben <be...@autonomic.net> wrote:
>>
>>
>>
>>> My misunderstanding, I was refering to possible compromise project names.
>>>
>>>
>>> Emmanuel Lecharny wrote:
>>>
>>>
>>>
>>>> On Mon, Apr 6, 2009 at 9:48 AM, Ben <be...@autonomic.net> wrote:
>>>>
>>>>
>>>>
>>>>
>>>>> You have had feedback, you've just ignored it :-p
>>>>>
>>>>>
>>>>>
>>>>>
>>>> >From PRC ? It might have been sent privately to Les, then. I'm
>>>> following the PRC ML and saw nothing so far ...
>>>>
>>>> Do you mind posting the feedback to the jsecurity-dev ML ?
>>>>
>>>> Thanks !
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>

Re: Name change (again)

[Ben <be...@autonomic.net>]

It's ok Les, I was only leg pulling, apologies for causing a distraction 
rather than a titter.

Apache Ki sounds very good.

Regards,
Ben

Les Hazlewood wrote:
> Hi Ben,
>
> That might not be too fair - I at least (and I'm sure others as well) have
> given proper thought to every suggestion posted on this list.  Its just that
> most suggestions didn't form enough consensus to move forward to a vote.
> But, in any case - that's not what we're talking about in this thread -
> we're talking about whether or not we should change the name yet again. :/
>
> My thought is that, as long as it is called Apache Ki, I'm fairly certain
> that no one has to worry.  'Ki' is not the official name for the project -
> its just a shortcut for simple reference.  The formal name is 'Apache Ki',
> and as such, there can be no conflict with any other entity that is not in
> the software security domain and doesn't even have Trademarks or Patents.
>
> Regards,
>
> Les
>
> On Mon, Apr 6, 2009 at 5:30 AM, Ben <be...@autonomic.net> wrote:
>
>   
>> My misunderstanding, I was refering to possible compromise project names.
>>
>>
>> Emmanuel Lecharny wrote:
>>
>>     
>>> On Mon, Apr 6, 2009 at 9:48 AM, Ben <be...@autonomic.net> wrote:
>>>
>>>
>>>       
>>>> You have had feedback, you've just ignored it :-p
>>>>
>>>>
>>>>         
>>> >From PRC ? It might have been sent privately to Les, then. I'm
>>> following the PRC ML and saw nothing so far ...
>>>
>>> Do you mind posting the feedback to the jsecurity-dev ML ?
>>>
>>> Thanks !
>>>
>>>
>>>
>>>       
>>     
>
>   

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Hi Ben,

That might not be too fair - I at least (and I'm sure others as well) have
given proper thought to every suggestion posted on this list.  Its just that
most suggestions didn't form enough consensus to move forward to a vote.
But, in any case - that's not what we're talking about in this thread -
we're talking about whether or not we should change the name yet again. :/

My thought is that, as long as it is called Apache Ki, I'm fairly certain
that no one has to worry.  'Ki' is not the official name for the project -
its just a shortcut for simple reference.  The formal name is 'Apache Ki',
and as such, there can be no conflict with any other entity that is not in
the software security domain and doesn't even have Trademarks or Patents.

Regards,

Les

On Mon, Apr 6, 2009 at 5:30 AM, Ben <be...@autonomic.net> wrote:

> My misunderstanding, I was refering to possible compromise project names.
>
>
> Emmanuel Lecharny wrote:
>
>> On Mon, Apr 6, 2009 at 9:48 AM, Ben <be...@autonomic.net> wrote:
>>
>>
>>> You have had feedback, you've just ignored it :-p
>>>
>>>
>>
>> >From PRC ? It might have been sent privately to Les, then. I'm
>> following the PRC ML and saw nothing so far ...
>>
>> Do you mind posting the feedback to the jsecurity-dev ML ?
>>
>> Thanks !
>>
>>
>>
>
>

Re: Name change (again)

[Ben <be...@autonomic.net>]

My misunderstanding, I was refering to possible compromise project names.

Emmanuel Lecharny wrote:
> On Mon, Apr 6, 2009 at 9:48 AM, Ben <be...@autonomic.net> wrote:
>   
>> You have had feedback, you've just ignored it :-p
>>     
>
> >From PRC ? It might have been sent privately to Les, then. I'm
> following the PRC ML and saw nothing so far ...
>
> Do you mind posting the feedback to the jsecurity-dev ML ?
>
> Thanks !
>
>   

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

On Mon, Apr 6, 2009 at 9:48 AM, Ben <be...@autonomic.net> wrote:
> You have had feedback, you've just ignored it :-p

>From PRC ? It might have been sent privately to Les, then. I'm
following the PRC ML and saw nothing so far ...

Do you mind posting the feedback to the jsecurity-dev ML ?

Thanks !

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Name change (again)

[Ben <be...@autonomic.net>]

You have had feedback, you've just ignored it :-p


Les Hazlewood wrote:
> I'm bumping this due to a thread on the user list and would like
> clarification.  It seems as if we've had a decent amount of time to allow
> for feedback on the new name, but we haven't received any.
>
> Can we put this name issue behind us and move forward?  I think we're
> perfectly fine given that most references are to "Apache Ki" and there are
> no C&D communications from anyone - let's face it, you're never going to be
> free and clear from *potential* naming issues unless you have a project name
> that is completely random does not make any sense at all.  Given that our
> domain is totally different from the one single potential issue, and that
> there is no Trademark or Patent under that name, and no one from Legal or
> PRC has said anything to indicate we should rename (again), I really don't
> think this is an issue.  I can also file for the Trademark if it makes our
> mentors feel better.
>
> I'm of the opinion that we need to move forward asap - this is really
> hurting the project's momentum, and it looks bad bad in the community - I'm
> sure our existing users feel like they're in 'limbo' because they don't have
> a definitive answer.  I hate to think of the repercussions this would have
> on the project community if it lasts much longer.
>
> On Mon, Mar 30, 2009 at 5:00 AM, Emmanuel Lecharny <el...@apache.org>wrote:
>
>   
>> Alan D. Cabrera wrote:
>>
>>     
>>> On Mar 27, 2009, at 6:02 AM, Emmanuel Lecharny wrote:
>>>
>>>  Ok,
>>>       
>>>> I just discussed with Bill Rowe (one of the board member) about the name
>>>> issue. Here is his thought about it :
>>>> - jsecurity, cool name, but might not worth fighting against Juniper
>>>> - Ki, he would like to get a copy of the C&D letter forwarded to PRC,
>>>> where the trademark matters are being discussed.
>>>>
>>>> So basically, let's first post this letter to PRC (if not already done),
>>>> and start discuss this there.
>>>>
>>>>         
>>> Running this by Public Relations?!?!?!  How odd.
>>>
>>>       
>> Yes, I know, but this is what I have been told by Bill Rowen Sander Striker
>> and Sally... Maybe because Larry Rosen is on this list, and because names is
>> a PRC issue somehow.
>>
>>
>>
>> --
>> --
>> cordialement, regards,
>> Emmanuel Lécharny
>> www.iktek.com
>> directory.apache.org
>>
>>
>>
>>     
>
>   

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

I will try to ping PRC again this week. They where probably having some 
rest after a few weeks of crazy work due to the 10 years announcement...

However, I have just a crazy idea : why about concatenating both 
existing name : ki-security ? We could then keep the JIRA, mailing list 
and such, people who used JSecurity would not be too much lost, the same 
for those using Ki right now, and we probably be safe from the name 
collision POV.

Otherwise, I agree with Les that we should solve this problem asap.

Btw, the april report is due by april, 8th...

Thanks !

Les Hazlewood wrote:
> I'm bumping this due to a thread on the user list and would like
> clarification.  It seems as if we've had a decent amount of time to allow
> for feedback on the new name, but we haven't received any.
>
> Can we put this name issue behind us and move forward?  I think we're
> perfectly fine given that most references are to "Apache Ki" and there are
> no C&D communications from anyone - let's face it, you're never going to be
> free and clear from *potential* naming issues unless you have a project name
> that is completely random does not make any sense at all.  Given that our
> domain is totally different from the one single potential issue, and that
> there is no Trademark or Patent under that name, and no one from Legal or
> PRC has said anything to indicate we should rename (again), I really don't
> think this is an issue.  I can also file for the Trademark if it makes our
> mentors feel better.
>
> I'm of the opinion that we need to move forward asap - this is really
> hurting the project's momentum, and it looks bad bad in the community - I'm
> sure our existing users feel like they're in 'limbo' because they don't have
> a definitive answer.  I hate to think of the repercussions this would have
> on the project community if it lasts much longer.
>
> On Mon, Mar 30, 2009 at 5:00 AM, Emmanuel Lecharny <el...@apache.org>wrote:
>
>   
>> Alan D. Cabrera wrote:
>>
>>     
>>> On Mar 27, 2009, at 6:02 AM, Emmanuel Lecharny wrote:
>>>
>>>  Ok,
>>>       
>>>> I just discussed with Bill Rowe (one of the board member) about the name
>>>> issue. Here is his thought about it :
>>>> - jsecurity, cool name, but might not worth fighting against Juniper
>>>> - Ki, he would like to get a copy of the C&D letter forwarded to PRC,
>>>> where the trademark matters are being discussed.
>>>>
>>>> So basically, let's first post this letter to PRC (if not already done),
>>>> and start discuss this there.
>>>>
>>>>         
>>> Running this by Public Relations?!?!?!  How odd.
>>>
>>>       
>> Yes, I know, but this is what I have been told by Bill Rowen Sander Striker
>> and Sally... Maybe because Larry Rosen is on this list, and because names is
>> a PRC issue somehow.
>>
>>
>>
>> --
>> --
>> cordialement, regards,
>> Emmanuel Lécharny
>> www.iktek.com
>> directory.apache.org
>>
>>
>>
>>     
>
>   


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

I'm bumping this due to a thread on the user list and would like
clarification.  It seems as if we've had a decent amount of time to allow
for feedback on the new name, but we haven't received any.

Can we put this name issue behind us and move forward?  I think we're
perfectly fine given that most references are to "Apache Ki" and there are
no C&D communications from anyone - let's face it, you're never going to be
free and clear from *potential* naming issues unless you have a project name
that is completely random does not make any sense at all.  Given that our
domain is totally different from the one single potential issue, and that
there is no Trademark or Patent under that name, and no one from Legal or
PRC has said anything to indicate we should rename (again), I really don't
think this is an issue.  I can also file for the Trademark if it makes our
mentors feel better.

I'm of the opinion that we need to move forward asap - this is really
hurting the project's momentum, and it looks bad bad in the community - I'm
sure our existing users feel like they're in 'limbo' because they don't have
a definitive answer.  I hate to think of the repercussions this would have
on the project community if it lasts much longer.

On Mon, Mar 30, 2009 at 5:00 AM, Emmanuel Lecharny <el...@apache.org>wrote:

> Alan D. Cabrera wrote:
>
>>
>> On Mar 27, 2009, at 6:02 AM, Emmanuel Lecharny wrote:
>>
>>  Ok,
>>>
>>> I just discussed with Bill Rowe (one of the board member) about the name
>>> issue. Here is his thought about it :
>>> - jsecurity, cool name, but might not worth fighting against Juniper
>>> - Ki, he would like to get a copy of the C&D letter forwarded to PRC,
>>> where the trademark matters are being discussed.
>>>
>>> So basically, let's first post this letter to PRC (if not already done),
>>> and start discuss this there.
>>>
>>
>> Running this by Public Relations?!?!?!  How odd.
>>
> Yes, I know, but this is what I have been told by Bill Rowen Sander Striker
> and Sally... Maybe because Larry Rosen is on this list, and because names is
> a PRC issue somehow.
>
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Alan D. Cabrera wrote:
>
> On Mar 27, 2009, at 6:02 AM, Emmanuel Lecharny wrote:
>
>> Ok,
>>
>> I just discussed with Bill Rowe (one of the board member) about the 
>> name issue. Here is his thought about it :
>> - jsecurity, cool name, but might not worth fighting against Juniper
>> - Ki, he would like to get a copy of the C&D letter forwarded to PRC, 
>> where the trademark matters are being discussed.
>>
>> So basically, let's first post this letter to PRC (if not already 
>> done), and start discuss this there.
>
> Running this by Public Relations?!?!?!  How odd.
Yes, I know, but this is what I have been told by Bill Rowen Sander 
Striker and Sally... Maybe because Larry Rosen is on this list, and 
because names is a PRC issue somehow.


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

["Alan D. Cabrera" <li...@toolazydogs.com>]

On Mar 27, 2009, at 6:02 AM, Emmanuel Lecharny wrote:

> Ok,
>
> I just discussed with Bill Rowe (one of the board member) about the  
> name issue. Here is his thought about it :
> - jsecurity, cool name, but might not worth fighting against Juniper
> - Ki, he would like to get a copy of the C&D letter forwarded to  
> PRC, where the trademark matters are being discussed.
>
> So basically, let's first post this letter to PRC (if not already  
> done), and start discuss this there.

Running this by Public Relations?!?!?!  How odd.


Regards,
Alanm

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> There is no C&D notification of any sort, which is why I doubt this is an
> issue - different IP domain entirely and NO registered trademarks or
> patents.  If you look at the email post (http://jsecurity.org/node/1081),
> what he's really saying is "we expect that a different name would be chosen
> as to not confuse members of either community", say, when seeing google
> search listings.
>   
Whatever. Just post the mail to PRC, and let's follow the discussion 
there...

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

There is no C&D notification of any sort, which is why I doubt this is an
issue - different IP domain entirely and NO registered trademarks or
patents.  If you look at the email post (http://jsecurity.org/node/1081),
what he's really saying is "we expect that a different name would be chosen
as to not confuse members of either community", say, when seeing google
search listings.

They never said "please don't use it", or "you can't use it".  There is no
C&D.  I responded to him and refuted the claim of 'similar branding' (there
isn't any at all). I haven't received any response.

If they had an attorney I wonder if the attorney would say that they
couldn't send a C&D because of the dramatically different domain and they
don't even have a Trademark on which to base it.  IANAL, so it'd be nice to
have a lawyer confirm.

Heck, if I knew how much it costs do file a Trademark on the name and the
costs are not prohibitive, I'll just buy it and donate it to the ASF.

On Fri, Mar 27, 2009 at 9:02 AM, Emmanuel Lecharny <el...@apache.org>wrote:

> Ok,
>
> I just discussed with Bill Rowe (one of the board member) about the name
> issue. Here is his thought about it :
> - jsecurity, cool name, but might not worth fighting against Juniper
> - Ki, he would like to get a copy of the C&D letter forwarded to PRC, where
> the trademark matters are being discussed.
>
> So basically, let's first post this letter to PRC (if not already done),
> and start discuss this there.
>
> Thanks !
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Ok,

I just discussed with Bill Rowe (one of the board member) about the name issue. Here is his thought about it :
- jsecurity, cool name, but might not worth fighting against Juniper
- Ki, he would like to get a copy of the C&D letter forwarded to PRC, where the trademark matters are being discussed.

So basically, let's first post this letter to PRC (if not already done), and start discuss this there.

Thanks !
-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Ben <be...@autonomic.net>]

This company, whatever they really do/are, knows about the project and 
has asked it not to use the name Ki.
This means it is likely (greater than a 0% probability) they will 
legally challenge the name.
My first view is that the project needs a solid legal opinion, from a 
legal expert, about whether there is a potential conflict here.

My second opinion is that the Ki name was a close call in the vote 
(certainly not a firm favorite). Now that this issue has focused minds a 
little bit, I think it makes sense to have another go - only this time 
why not throw the net out.  A community call for a new name with the 
backdrop of being hassled by commercial companies would get coverage on 
slashdot / theregister.co.uk / techcrunch. Filter out all the crap 
comments that are bound to follow, and I'd bet there will be a few gems. 
This process needn't take long.

My final opinion is :

"kiSecurity"

Over and out.

Ben

Les Hazlewood wrote:
> The OS community is starting to call this project 'Ki' (wicket integration,
> blogs).  I honestly think we're fine with this name moving forward - totally
> different business domain than FixFlyer's - there is no overlap here IMO.
>
> I'd like to tell the infra@ guys to move forward with wiki creation and
> other things related to project infrastructure until we all agree on
> something different.  Waiting until we all agree could cripple this project
> for another 3 or 4 months, and I think that would be really, really bad for
> the project...
>
> The name change was formally voted upon and agreed, and as such I don't
> think we should stop efforts related to the name change until another such
> vote occurs.  Can we continue with infrastructure?
>
> Thoughts?
>
> On Mon, Mar 16, 2009 at 10:02 AM, Les Hazlewood <lh...@apache.org>wrote:
>
>   
>> The problem with authx is that it doesn't convey the other two areas that
>> round out the project's functionality:  Cryptography and Session Management.
>>
>> And thanks for contributing suggestions.  It is really hard to pick a name
>> that clears multiple criteria, so I appreciate the effort :)
>>
>>
>> On Mon, Mar 16, 2009 at 9:55 AM, Ben <be...@autonomic.net> wrote:
>>
>>     
>>> What about using terminology from JSecurity itself?
>>>
>>> something like :  RealmSec
>>>
>>> ... or decoupling JSec from Java by claiming it stands for Just Security ?
>>>
>>> Similarly, it's common to refer to Authorization and Authentication as
>>> Authz and Authc, so why not authx?  That's quite cool?
>>>
>>> It seems like a real risk that you're going to just pick a sub-optimal
>>> name on a whim here. Let the discussion carry on a while.
>>>
>>> At first glance, they all seem plausibly available.
>>>
>>> Kindest Regards,
>>>
>>> Ben
>>>
>>>
>>> Les Hazlewood wrote:
>>>
>>>       
>>>> Hi Kalle,
>>>>
>>>> Yes, I agree - it is a bit of a stretch for an abbreviation, but I was
>>>> really looking for a random made-up word that _could_ be based on a more
>>>> direct name for a security project.  It seems like Aseca does alright in
>>>> that space.
>>>>
>>>> I guess it might sound like Acegi a bit, but maybe because of my
>>>> ignorance
>>>> of Acegi, I just never thought of that.  The other thing is that
>>>> particular
>>>> project is no longer called Acegi, and given that our name is different
>>>> (enough) and founded based on an abbreviation (of sorts), I don't think
>>>> we'd
>>>> have any problems.
>>>>
>>>> I also thought of just using Asa or Asea, but there are many more search
>>>> hits for those two terms and wouldn't give us decent google visibility
>>>> (and
>>>> might actually be a conflict, I'm not sure), whereas Aseca seems to be
>>>> more
>>>> ideal in the 'hit factor' department.  At least it clears all the major
>>>> criteria for finding a new name that I can think of...
>>>>
>>>> - Les
>>>>
>>>> On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen
>>>> <ka...@gmail.com>wrote:
>>>>
>>>>
>>>>
>>>>         
>>>>> As an abbreviation, feels a bit forced, but as a random made-up word
>>>>> Aseca
>>>>> sounds alright. A bit close to Acegi, which could be good or bad and
>>>>> then
>>>>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>>>>
>>>>> Kalle
>>>>>
>>>>>
>>>>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>>>>>
>>>>>
>>>>>           
>>>>>> wrote:
>>>>>>      Ok, I think I might have a winner here:
>>>>>>
>>>>>> Application SECurity Api (ASECA)
>>>>>>
>>>>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls
>>>>>> off
>>>>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>>>>> project, and best, it does not have any existing software projects that
>>>>>> I
>>>>>> can find.  In fact, there is only one decent match from google for the
>>>>>> "Association of Securities and Exchange Commission Alumni", which I
>>>>>> don't
>>>>>> think anyone will disagree is _totally_ different and unrelated to our
>>>>>> project.  There are some PDFs that reference 'aseca', but none are
>>>>>>
>>>>>>
>>>>>>             
>>>>> related
>>>>>
>>>>>
>>>>>           
>>>>>> to software or security.
>>>>>>
>>>>>> What do you guys think?  This might be the best I can come up with...
>>>>>>
>>>>>> - Les
>>>>>>
>>>>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> wrote:
>>>>>>>        On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>>>>
>>>>>>>  Now that I've had time to think about it more, if ASF and the
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> Incubator
>>>>>>             
>>>>>           
>>>>>>  are
>>>>>>             
>>>>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>>>>> project
>>>>>>>> name.
>>>>>>>>
>>>>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> from
>>>>>>>               
>>>>>>             
>>>>>>> the ASF community and new ideas, given that it would have wider
>>>>>>>               
>>>>>>>> visibility.
>>>>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as
>>>>>>>> to
>>>>>>>> what
>>>>>>>> they would want.  I think that'd be great for the project's
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> livelihood,
>>>>>>>               
>>>>>           
>>>>>> as
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> well as be nice for the ASF community as a place where they could
>>>>>>>               
>>>>>>>> consolidate and focus efforts.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> That's the case for us right now.  Interest in this project is based
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> solely
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> on the product itself and the openness of the community, not by the
>>>>>>> implication of the name.
>>>>>>>
>>>>>>>  Mentors - do you think we could use that name? (Or Apache Security
>>>>>>> API
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> or
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> Apache Security Framework, or whatever)?
>>>>>>>               
>>>>>>>>
>>>>>>>>                 
>>>>>>> There would be HUGE resistance from the other projects that are doing
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> their
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> own security mechanisms.
>>>>>>>
>>>>>>> IMO, let a thousand flowers bloom.
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Alan
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> elecharny@apache.org
>>>>>>>               
>>>>>>             
>>>>>>>  wrote:
>>>>>>>               
>>>>>>>>>                   
>>>>>>>>  David Jencks wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>>>>                   
>>>>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>>>>
>>>>>>>>>> Per this thread:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                     
>>>>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>>>>
>>>>>>>>>>> It appears that we can't use Ki.
>>>>>>>>>>>
>>>>>>>>>>> So far the development team seems to be happy with "Apache
>>>>>>>>>>> Security
>>>>>>>>>>> API",
>>>>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>>>>> framework.  Any objections?
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>                       
>>>>>>>>>> I think it implies that this project is happy to include all java
>>>>>>>>>> security
>>>>>>>>>> work at apache.  For instance, would you be happy to include a
>>>>>>>>>> xamcl
>>>>>>>>>> jacc
>>>>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>>>>> subject?
>>>>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>>>>> little
>>>>>>>>>> to no overlap with what you are doing now.
>>>>>>>>>>
>>>>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                     
>>>>>>>>> your
>>>>>>>>>                   
>>>>>>             
>>>>>>>  api and all projects needing java security  are expected to use it.
>>>>>>>               
>>>>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                     
>>>>>>>>> I'm
>>>>>>>>>                   
>>>>>           
>>>>>>  certainly not implying anything about the nature or quality of this
>>>>>>             
>>>>>>>>>> project.... just that naming one project for the entire field of
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                     
>>>>>>>>> which
>>>>>>>>>                   
>>>>>           
>>>>>>  it is
>>>>>>             
>>>>>>>>>> an example may not be without problems and implications.
>>>>>>>>>>
>>>>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>                     
>>>>>>>>> sure.
>>>>>>>>>                   
>>>>>>             
>>>>>>>  Now,
>>>>>>>               
>>>>>>>>> we may need a general security umbrella for many different project
>>>>>>>>> related
>>>>>>>>> to security. This could be a good starting point.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> --
>>>>>>>>>
>>>>>>>>> cordialement, regards,
>>>>>>>>> Emmanuel Lécharny
>>>>>>>>> www.iktek.com
>>>>>>>>> directory.apache.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                   
>>>>         
>>>       
>
>   

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

The OS community is starting to call this project 'Ki' (wicket integration,
blogs).  I honestly think we're fine with this name moving forward - totally
different business domain than FixFlyer's - there is no overlap here IMO.

I'd like to tell the infra@ guys to move forward with wiki creation and
other things related to project infrastructure until we all agree on
something different.  Waiting until we all agree could cripple this project
for another 3 or 4 months, and I think that would be really, really bad for
the project...

The name change was formally voted upon and agreed, and as such I don't
think we should stop efforts related to the name change until another such
vote occurs.  Can we continue with infrastructure?

Thoughts?

On Mon, Mar 16, 2009 at 10:02 AM, Les Hazlewood <lh...@apache.org>wrote:

> The problem with authx is that it doesn't convey the other two areas that
> round out the project's functionality:  Cryptography and Session Management.
>
> And thanks for contributing suggestions.  It is really hard to pick a name
> that clears multiple criteria, so I appreciate the effort :)
>
>
> On Mon, Mar 16, 2009 at 9:55 AM, Ben <be...@autonomic.net> wrote:
>
>> What about using terminology from JSecurity itself?
>>
>> something like :  RealmSec
>>
>> ... or decoupling JSec from Java by claiming it stands for Just Security ?
>>
>> Similarly, it's common to refer to Authorization and Authentication as
>> Authz and Authc, so why not authx?  That's quite cool?
>>
>> It seems like a real risk that you're going to just pick a sub-optimal
>> name on a whim here. Let the discussion carry on a while.
>>
>> At first glance, they all seem plausibly available.
>>
>> Kindest Regards,
>>
>> Ben
>>
>>
>> Les Hazlewood wrote:
>>
>>> Hi Kalle,
>>>
>>> Yes, I agree - it is a bit of a stretch for an abbreviation, but I was
>>> really looking for a random made-up word that _could_ be based on a more
>>> direct name for a security project.  It seems like Aseca does alright in
>>> that space.
>>>
>>> I guess it might sound like Acegi a bit, but maybe because of my
>>> ignorance
>>> of Acegi, I just never thought of that.  The other thing is that
>>> particular
>>> project is no longer called Acegi, and given that our name is different
>>> (enough) and founded based on an abbreviation (of sorts), I don't think
>>> we'd
>>> have any problems.
>>>
>>> I also thought of just using Asa or Asea, but there are many more search
>>> hits for those two terms and wouldn't give us decent google visibility
>>> (and
>>> might actually be a conflict, I'm not sure), whereas Aseca seems to be
>>> more
>>> ideal in the 'hit factor' department.  At least it clears all the major
>>> criteria for finding a new name that I can think of...
>>>
>>> - Les
>>>
>>> On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen
>>> <ka...@gmail.com>wrote:
>>>
>>>
>>>
>>>> As an abbreviation, feels a bit forced, but as a random made-up word
>>>> Aseca
>>>> sounds alright. A bit close to Acegi, which could be good or bad and
>>>> then
>>>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>>>
>>>> Kalle
>>>>
>>>>
>>>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>>>>
>>>>
>>>>> wrote:
>>>>>      Ok, I think I might have a winner here:
>>>>>
>>>>> Application SECurity Api (ASECA)
>>>>>
>>>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls
>>>>> off
>>>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>>>> project, and best, it does not have any existing software projects that
>>>>> I
>>>>> can find.  In fact, there is only one decent match from google for the
>>>>> "Association of Securities and Exchange Commission Alumni", which I
>>>>> don't
>>>>> think anyone will disagree is _totally_ different and unrelated to our
>>>>> project.  There are some PDFs that reference 'aseca', but none are
>>>>>
>>>>>
>>>> related
>>>>
>>>>
>>>>> to software or security.
>>>>>
>>>>> What do you guys think?  This might be the best I can come up with...
>>>>>
>>>>> - Les
>>>>>
>>>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>>>
>>>>>
>>>>>> wrote:
>>>>>>        On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>>>
>>>>>>  Now that I've had time to think about it more, if ASF and the
>>>>>>
>>>>>>
>>>>> Incubator
>>>>
>>>>
>>>>>  are
>>>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>>>> project
>>>>>>> name.
>>>>>>>
>>>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>>>
>>>>>>>
>>>>>> from
>>>>>
>>>>>
>>>>>> the ASF community and new ideas, given that it would have wider
>>>>>>> visibility.
>>>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as
>>>>>>> to
>>>>>>> what
>>>>>>> they would want.  I think that'd be great for the project's
>>>>>>>
>>>>>>>
>>>>>> livelihood,
>>>>
>>>>
>>>>> as
>>>>>
>>>>>
>>>>>> well as be nice for the ASF community as a place where they could
>>>>>>> consolidate and focus efforts.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> That's the case for us right now.  Interest in this project is based
>>>>>>
>>>>>>
>>>>> solely
>>>>>
>>>>>
>>>>>> on the product itself and the openness of the community, not by the
>>>>>> implication of the name.
>>>>>>
>>>>>>  Mentors - do you think we could use that name? (Or Apache Security
>>>>>> API
>>>>>>
>>>>>>
>>>>> or
>>>>>
>>>>>
>>>>>> Apache Security Framework, or whatever)?
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> There would be HUGE resistance from the other projects that are doing
>>>>>>
>>>>>>
>>>>> their
>>>>>
>>>>>
>>>>>> own security mechanisms.
>>>>>>
>>>>>> IMO, let a thousand flowers bloom.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Alan
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>>>
>>>>>>>
>>>>>> elecharny@apache.org
>>>>>
>>>>>
>>>>>>  wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>  David Jencks wrote:
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>>>
>>>>>>>>> Per this thread:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>>>
>>>>>>>>>> It appears that we can't use Ki.
>>>>>>>>>>
>>>>>>>>>> So far the development team seems to be happy with "Apache
>>>>>>>>>> Security
>>>>>>>>>> API",
>>>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>>>> framework.  Any objections?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> I think it implies that this project is happy to include all java
>>>>>>>>> security
>>>>>>>>> work at apache.  For instance, would you be happy to include a
>>>>>>>>> xamcl
>>>>>>>>> jacc
>>>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>>>> subject?
>>>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>>>> little
>>>>>>>>> to no overlap with what you are doing now.
>>>>>>>>>
>>>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>>>
>>>>>>>>>
>>>>>>>> your
>>>>>
>>>>>
>>>>>>  api and all projects needing java security  are expected to use it.
>>>>>>>>>
>>>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>>>>
>>>>>>>>>
>>>>>>>> I'm
>>>>
>>>>
>>>>>  certainly not implying anything about the nature or quality of this
>>>>>>>>> project.... just that naming one project for the entire field of
>>>>>>>>>
>>>>>>>>>
>>>>>>>> which
>>>>
>>>>
>>>>>  it is
>>>>>>>>> an example may not be without problems and implications.
>>>>>>>>>
>>>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>>>
>>>>>>>>>
>>>>>>>> sure.
>>>>>
>>>>>
>>>>>>  Now,
>>>>>>>> we may need a general security umbrella for many different project
>>>>>>>> related
>>>>>>>> to security. This could be a good starting point.
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> --
>>>>>>>>
>>>>>>>> cordialement, regards,
>>>>>>>> Emmanuel Lécharny
>>>>>>>> www.iktek.com
>>>>>>>> directory.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>
>>>
>>
>>
>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

The problem with authx is that it doesn't convey the other two areas that
round out the project's functionality:  Cryptography and Session Management.

And thanks for contributing suggestions.  It is really hard to pick a name
that clears multiple criteria, so I appreciate the effort :)

On Mon, Mar 16, 2009 at 9:55 AM, Ben <be...@autonomic.net> wrote:

> What about using terminology from JSecurity itself?
>
> something like :  RealmSec
>
> ... or decoupling JSec from Java by claiming it stands for Just Security ?
>
> Similarly, it's common to refer to Authorization and Authentication as
> Authz and Authc, so why not authx?  That's quite cool?
>
> It seems like a real risk that you're going to just pick a sub-optimal name
> on a whim here. Let the discussion carry on a while.
>
> At first glance, they all seem plausibly available.
>
> Kindest Regards,
>
> Ben
>
>
> Les Hazlewood wrote:
>
>> Hi Kalle,
>>
>> Yes, I agree - it is a bit of a stretch for an abbreviation, but I was
>> really looking for a random made-up word that _could_ be based on a more
>> direct name for a security project.  It seems like Aseca does alright in
>> that space.
>>
>> I guess it might sound like Acegi a bit, but maybe because of my ignorance
>> of Acegi, I just never thought of that.  The other thing is that
>> particular
>> project is no longer called Acegi, and given that our name is different
>> (enough) and founded based on an abbreviation (of sorts), I don't think
>> we'd
>> have any problems.
>>
>> I also thought of just using Asa or Asea, but there are many more search
>> hits for those two terms and wouldn't give us decent google visibility
>> (and
>> might actually be a conflict, I'm not sure), whereas Aseca seems to be
>> more
>> ideal in the 'hit factor' department.  At least it clears all the major
>> criteria for finding a new name that I can think of...
>>
>> - Les
>>
>> On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen
>> <ka...@gmail.com>wrote:
>>
>>
>>
>>> As an abbreviation, feels a bit forced, but as a random made-up word
>>> Aseca
>>> sounds alright. A bit close to Acegi, which could be good or bad and then
>>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>>
>>> Kalle
>>>
>>>
>>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>>>
>>>
>>>> wrote:
>>>>      Ok, I think I might have a winner here:
>>>>
>>>> Application SECurity Api (ASECA)
>>>>
>>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls
>>>> off
>>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>>> project, and best, it does not have any existing software projects that
>>>> I
>>>> can find.  In fact, there is only one decent match from google for the
>>>> "Association of Securities and Exchange Commission Alumni", which I
>>>> don't
>>>> think anyone will disagree is _totally_ different and unrelated to our
>>>> project.  There are some PDFs that reference 'aseca', but none are
>>>>
>>>>
>>> related
>>>
>>>
>>>> to software or security.
>>>>
>>>> What do you guys think?  This might be the best I can come up with...
>>>>
>>>> - Les
>>>>
>>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>>
>>>>
>>>>> wrote:
>>>>>        On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>>
>>>>>  Now that I've had time to think about it more, if ASF and the
>>>>>
>>>>>
>>>> Incubator
>>>
>>>
>>>> are
>>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>>> project
>>>>>> name.
>>>>>>
>>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>>
>>>>>>
>>>>> from
>>>>
>>>>
>>>>> the ASF community and new ideas, given that it would have wider
>>>>>> visibility.
>>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>>>>>> what
>>>>>> they would want.  I think that'd be great for the project's
>>>>>>
>>>>>>
>>>>> livelihood,
>>>
>>>
>>>> as
>>>>
>>>>
>>>>> well as be nice for the ASF community as a place where they could
>>>>>> consolidate and focus efforts.
>>>>>>
>>>>>>
>>>>>>
>>>>> That's the case for us right now.  Interest in this project is based
>>>>>
>>>>>
>>>> solely
>>>>
>>>>
>>>>> on the product itself and the openness of the community, not by the
>>>>> implication of the name.
>>>>>
>>>>>  Mentors - do you think we could use that name? (Or Apache Security API
>>>>>
>>>>>
>>>> or
>>>>
>>>>
>>>>> Apache Security Framework, or whatever)?
>>>>>>
>>>>>>
>>>>>>
>>>>> There would be HUGE resistance from the other projects that are doing
>>>>>
>>>>>
>>>> their
>>>>
>>>>
>>>>> own security mechanisms.
>>>>>
>>>>> IMO, let a thousand flowers bloom.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Alan
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>>
>>>>>>
>>>>> elecharny@apache.org
>>>>
>>>>
>>>>> wrote:
>>>>>>>
>>>>>>>
>>>>>>  David Jencks wrote:
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>>
>>>>>>>> Per this thread:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>>
>>>>>>>>> It appears that we can't use Ki.
>>>>>>>>>
>>>>>>>>> So far the development team seems to be happy with "Apache Security
>>>>>>>>> API",
>>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>>> framework.  Any objections?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> I think it implies that this project is happy to include all java
>>>>>>>> security
>>>>>>>> work at apache.  For instance, would you be happy to include a xamcl
>>>>>>>> jacc
>>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>>> subject?
>>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>>> little
>>>>>>>> to no overlap with what you are doing now.
>>>>>>>>
>>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>>
>>>>>>>>
>>>>>>> your
>>>>
>>>>
>>>>> api and all projects needing java security  are expected to use it.
>>>>>>>>
>>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>>>
>>>>>>>>
>>>>>>> I'm
>>>
>>>
>>>> certainly not implying anything about the nature or quality of this
>>>>>>>> project.... just that naming one project for the entire field of
>>>>>>>>
>>>>>>>>
>>>>>>> which
>>>
>>>
>>>> it is
>>>>>>>> an example may not be without problems and implications.
>>>>>>>>
>>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>>
>>>>>>>>
>>>>>>> sure.
>>>>
>>>>
>>>>> Now,
>>>>>>> we may need a general security umbrella for many different project
>>>>>>> related
>>>>>>> to security. This could be a good starting point.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> --
>>>>>>>
>>>>>>> cordialement, regards,
>>>>>>> Emmanuel Lécharny
>>>>>>> www.iktek.com
>>>>>>> directory.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>
>>
>
>

Re: Name change (again)

[Ben <be...@autonomic.net>]

What about using terminology from JSecurity itself?

something like :  RealmSec

... or decoupling JSec from Java by claiming it stands for Just Security ?

Similarly, it's common to refer to Authorization and Authentication as 
Authz and Authc, so why not authx?  That's quite cool?

It seems like a real risk that you're going to just pick a sub-optimal 
name on a whim here. Let the discussion carry on a while.

At first glance, they all seem plausibly available.

Kindest Regards,

Ben

Les Hazlewood wrote:
> Hi Kalle,
>
> Yes, I agree - it is a bit of a stretch for an abbreviation, but I was
> really looking for a random made-up word that _could_ be based on a more
> direct name for a security project.  It seems like Aseca does alright in
> that space.
>
> I guess it might sound like Acegi a bit, but maybe because of my ignorance
> of Acegi, I just never thought of that.  The other thing is that particular
> project is no longer called Acegi, and given that our name is different
> (enough) and founded based on an abbreviation (of sorts), I don't think we'd
> have any problems.
>
> I also thought of just using Asa or Asea, but there are many more search
> hits for those two terms and wouldn't give us decent google visibility (and
> might actually be a conflict, I'm not sure), whereas Aseca seems to be more
> ideal in the 'hit factor' department.  At least it clears all the major
> criteria for finding a new name that I can think of...
>
> - Les
>
> On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen
> <ka...@gmail.com>wrote:
>
>   
>> As an abbreviation, feels a bit forced, but as a random made-up word Aseca
>> sounds alright. A bit close to Acegi, which could be good or bad and then
>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>
>> Kalle
>>
>>
>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>>     
>>> wrote:
>>>       
>>> Ok, I think I might have a winner here:
>>>
>>> Application SECurity Api (ASECA)
>>>
>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>> project, and best, it does not have any existing software projects that I
>>> can find.  In fact, there is only one decent match from google for the
>>> "Association of Securities and Exchange Commission Alumni", which I don't
>>> think anyone will disagree is _totally_ different and unrelated to our
>>> project.  There are some PDFs that reference 'aseca', but none are
>>>       
>> related
>>     
>>> to software or security.
>>>
>>> What do you guys think?  This might be the best I can come up with...
>>>
>>> - Les
>>>
>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>       
>>>> wrote:
>>>>         
>>>> On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>
>>>>  Now that I've had time to think about it more, if ASF and the
>>>>         
>> Incubator
>>     
>>>>> are
>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>> project
>>>>> name.
>>>>>
>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>           
>>> from
>>>       
>>>>> the ASF community and new ideas, given that it would have wider
>>>>> visibility.
>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>>>>> what
>>>>> they would want.  I think that'd be great for the project's
>>>>>           
>> livelihood,
>>     
>>> as
>>>       
>>>>> well as be nice for the ASF community as a place where they could
>>>>> consolidate and focus efforts.
>>>>>
>>>>>           
>>>> That's the case for us right now.  Interest in this project is based
>>>>         
>>> solely
>>>       
>>>> on the product itself and the openness of the community, not by the
>>>> implication of the name.
>>>>
>>>>  Mentors - do you think we could use that name? (Or Apache Security API
>>>>         
>>> or
>>>       
>>>>> Apache Security Framework, or whatever)?
>>>>>
>>>>>           
>>>> There would be HUGE resistance from the other projects that are doing
>>>>         
>>> their
>>>       
>>>> own security mechanisms.
>>>>
>>>> IMO, let a thousand flowers bloom.
>>>>
>>>>
>>>> Regards,
>>>> Alan
>>>>
>>>>
>>>>
>>>>         
>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>           
>>> elecharny@apache.org
>>>       
>>>>>> wrote:
>>>>>>             
>>>>>  David Jencks wrote:
>>>>>           
>>>>>>             
>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>
>>>>>>> Per this thread:
>>>>>>>
>>>>>>>               
>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>
>>>>>>>> It appears that we can't use Ki.
>>>>>>>>
>>>>>>>> So far the development team seems to be happy with "Apache Security
>>>>>>>> API",
>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>> framework.  Any objections?
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> I think it implies that this project is happy to include all java
>>>>>>> security
>>>>>>> work at apache.  For instance, would you be happy to include a xamcl
>>>>>>> jacc
>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>> subject?
>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>> little
>>>>>>> to no overlap with what you are doing now.
>>>>>>>
>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>               
>>> your
>>>       
>>>>>>> api and all projects needing java security  are expected to use it.
>>>>>>>
>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>>               
>> I'm
>>     
>>>>>>> certainly not implying anything about the nature or quality of this
>>>>>>> project.... just that naming one project for the entire field of
>>>>>>>               
>> which
>>     
>>>>>>> it is
>>>>>>> an example may not be without problems and implications.
>>>>>>>
>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>               
>>> sure.
>>>       
>>>>>> Now,
>>>>>> we may need a general security umbrella for many different project
>>>>>> related
>>>>>> to security. This could be a good starting point.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> --
>>>>>>
>>>>>> cordialement, regards,
>>>>>> Emmanuel Lécharny
>>>>>> www.iktek.com
>>>>>> directory.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>             
>
>   

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Hi Kalle,

Yes, I agree - it is a bit of a stretch for an abbreviation, but I was
really looking for a random made-up word that _could_ be based on a more
direct name for a security project.  It seems like Aseca does alright in
that space.

I guess it might sound like Acegi a bit, but maybe because of my ignorance
of Acegi, I just never thought of that.  The other thing is that particular
project is no longer called Acegi, and given that our name is different
(enough) and founded based on an abbreviation (of sorts), I don't think we'd
have any problems.

I also thought of just using Asa or Asea, but there are many more search
hits for those two terms and wouldn't give us decent google visibility (and
might actually be a conflict, I'm not sure), whereas Aseca seems to be more
ideal in the 'hit factor' department.  At least it clears all the major
criteria for finding a new name that I can think of...

- Les

On Sat, Mar 14, 2009 at 1:39 PM, Kalle Korhonen
<ka...@gmail.com>wrote:

> As an abbreviation, feels a bit forced, but as a random made-up word Aseca
> sounds alright. A bit close to Acegi, which could be good or bad and then
> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>
> Kalle
>
>
> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
> >wrote:
>
> > Ok, I think I might have a winner here:
> >
> > Application SECurity Api (ASECA)
> >
> > Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
> > the toungue/easy to pronounce, it does not assume an Apache 'blanket'
> > project, and best, it does not have any existing software projects that I
> > can find.  In fact, there is only one decent match from google for the
> > "Association of Securities and Exchange Commission Alumni", which I don't
> > think anyone will disagree is _totally_ different and unrelated to our
> > project.  There are some PDFs that reference 'aseca', but none are
> related
> > to software or security.
> >
> > What do you guys think?  This might be the best I can come up with...
> >
> > - Les
> >
> > On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
> > >wrote:
> >
> > >
> > > On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
> > >
> > >  Now that I've had time to think about it more, if ASF and the
> Incubator
> > >> are
> > >> ok with 'Apache Security', I think we should try to use that as the
> > >> project
> > >> name.
> > >>
> > >> This would certainly open up the floodgates for lots of contributions
> > from
> > >> the ASF community and new ideas, given that it would have wider
> > >> visibility.
> > >> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
> > >> what
> > >> they would want.  I think that'd be great for the project's
> livelihood,
> > as
> > >> well as be nice for the ASF community as a place where they could
> > >> consolidate and focus efforts.
> > >>
> > >
> > > That's the case for us right now.  Interest in this project is based
> > solely
> > > on the product itself and the openness of the community, not by the
> > > implication of the name.
> > >
> > >  Mentors - do you think we could use that name? (Or Apache Security API
> > or
> > >> Apache Security Framework, or whatever)?
> > >>
> > >
> > > There would be HUGE resistance from the other projects that are doing
> > their
> > > own security mechanisms.
> > >
> > > IMO, let a thousand flowers bloom.
> > >
> > >
> > > Regards,
> > > Alan
> > >
> > >
> > >
> > >>
> > >> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
> > elecharny@apache.org
> > >> >wrote:
> > >>
> > >>  David Jencks wrote:
> > >>>
> > >>>
> > >>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
> > >>>>
> > >>>> Per this thread:
> > >>>>
> > >>>>>
> > >>>>> http://www.jsecurity.org/node/1081#comment-289
> > >>>>>
> > >>>>> It appears that we can't use Ki.
> > >>>>>
> > >>>>> So far the development team seems to be happy with "Apache Security
> > >>>>> API",
> > >>>>> which can have (good) far reaching implications for a good quality
> > >>>>> framework.  Any objections?
> > >>>>>
> > >>>>>
> > >>>> I think it implies that this project is happy to include all java
> > >>>> security
> > >>>> work at apache.  For instance, would you be happy to include a xamcl
> > >>>> jacc
> > >>>> implementation that did not use your Subject but rather the JAAS
> > >>>> subject?
> > >>>> It would certainly be a java security implementation but AFAICT has
> > >>>> little
> > >>>> to no overlap with what you are doing now.
> > >>>>
> > >>>> I think it also has a connotation that apache has somehow approved
> > your
> > >>>> api and all projects needing java security  are expected to use it.
> > >>>>
> > >>>> Dunno if anyone else gets these ideas from the name but I do.  And
> I'm
> > >>>> certainly not implying anything about the nature or quality of this
> > >>>> project.... just that naming one project for the entire field of
> which
> > >>>> it is
> > >>>> an example may not be without problems and implications.
> > >>>>
> > >>>>  There is some implication that need to be overviewed, that's for
> > sure.
> > >>> Now,
> > >>> we may need a general security umbrella for many different project
> > >>> related
> > >>> to security. This could be a good starting point.
> > >>>
> > >>>
> > >>> --
> > >>> --
> > >>>
> > >>> cordialement, regards,
> > >>> Emmanuel Lécharny
> > >>> www.iktek.com
> > >>> directory.apache.org
> > >>>
> > >>>
> > >>>
> > >>>
> > >
> >
>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

HAHAHAHA, now I can see that.  That's funny :)

Well, I'm definitely open to more suggestions for alternate names.  I
personally think that Aseca is the best route and that we should go with
that, barring any better suggestions.

If that doesn't work for everyone, I think we might be stuck with a total
gibberish name.  I guess I'd be ok with that as long as it is easy to
pronounce.  (e.g. Hadoop sounds just weird - ending on a consonant.  I
wouldn't want something like that)

Mentors and other devs, what do you think?  Would Aseca work?  If not, what
are some of your suggestions?

On Mon, Mar 16, 2009 at 9:47 AM, Ben <be...@autonomic.net> wrote:

> Maybe because my accent's a bit tinged with Yorkshire, no matter how I say
> it out loud, it always comes out the same :-D
>
>
> Les Hazlewood wrote:
>
>> Haha, I think that's a little bit of a stretch :)  My argument would be
>> that
>> people would only create such names if our project sucks or is hard to
>> use.
>> If we play our cards right, that shouldn't be an issue...
>>
>> On Sun, Mar 15, 2009 at 12:28 PM, Ben <be...@autonomic.net> wrote:
>>
>>
>>
>>> Um... so how long before the "wits" starts referring to the package as an
>>> "ass-ache" / "ass-acher" ?!?
>>>
>>>
>>>
>>> Kalle Korhonen wrote:
>>>
>>>
>>>
>>>> As an abbreviation, feels a bit forced, but as a random made-up word
>>>> Aseca
>>>> sounds alright. A bit close to Acegi, which could be good or bad and
>>>> then
>>>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>>>
>>>> Kalle
>>>>
>>>>
>>>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>>>>
>>>>
>>>>> wrote:
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>> Ok, I think I might have a winner here:
>>>>>
>>>>> Application SECurity Api (ASECA)
>>>>>
>>>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls
>>>>> off
>>>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>>>> project, and best, it does not have any existing software projects that
>>>>> I
>>>>> can find.  In fact, there is only one decent match from google for the
>>>>> "Association of Securities and Exchange Commission Alumni", which I
>>>>> don't
>>>>> think anyone will disagree is _totally_ different and unrelated to our
>>>>> project.  There are some PDFs that reference 'aseca', but none are
>>>>> related
>>>>> to software or security.
>>>>>
>>>>> What do you guys think?  This might be the best I can come up with...
>>>>>
>>>>> - Les
>>>>>
>>>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> wrote:
>>>>>>     On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>>>
>>>>>>  Now that I've had time to think about it more, if ASF and the
>>>>>> Incubator
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> are
>>>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>>>> project
>>>>>>> name.
>>>>>>>
>>>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> from
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>> the ASF community and new ideas, given that it would have wider
>>>>>>
>>>>>>
>>>>>>> visibility.
>>>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as
>>>>>>> to
>>>>>>> what
>>>>>>> they would want.  I think that'd be great for the project's
>>>>>>> livelihood,
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> as
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>> well as be nice for the ASF community as a place where they could
>>>>>>
>>>>>>
>>>>>>> consolidate and focus efforts.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> That's the case for us right now.  Interest in this project is based
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> solely
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> on the product itself and the openness of the community, not by the
>>>>>> implication of the name.
>>>>>>
>>>>>>  Mentors - do you think we could use that name? (Or Apache Security
>>>>>> API
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> or
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> Apache Security Framework, or whatever)?
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> There would be HUGE resistance from the other projects that are doing
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> their
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> own security mechanisms.
>>>>>>
>>>>>> IMO, let a thousand flowers bloom.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Alan
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> elecharny@apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>> wrote:
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>  David Jencks wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>>>
>>>>>>>>> Per this thread:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>>>
>>>>>>>>>> It appears that we can't use Ki.
>>>>>>>>>>
>>>>>>>>>> So far the development team seems to be happy with "Apache
>>>>>>>>>> Security
>>>>>>>>>> API",
>>>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>>>> framework.  Any objections?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>> I think it implies that this project is happy to include all java
>>>>>>>>> security
>>>>>>>>> work at apache.  For instance, would you be happy to include a
>>>>>>>>> xamcl
>>>>>>>>> jacc
>>>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>>>> subject?
>>>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>>>> little
>>>>>>>>> to no overlap with what you are doing now.
>>>>>>>>>
>>>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> your
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
>>>>>> api and all projects needing java security  are expected to use it.
>>>>>>
>>>>>>
>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>>>> I'm
>>>>>>>>> certainly not implying anything about the nature or quality of this
>>>>>>>>> project.... just that naming one project for the entire field of
>>>>>>>>> which
>>>>>>>>> it is
>>>>>>>>> an example may not be without problems and implications.
>>>>>>>>>
>>>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>> sure.
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>
>>>>>> Now,
>>>>>>
>>>>>>
>>>>>>> we may need a general security umbrella for many different project
>>>>>>>> related
>>>>>>>> to security. This could be a good starting point.
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> --
>>>>>>>>
>>>>>>>> cordialement, regards,
>>>>>>>> Emmanuel Lécharny
>>>>>>>> www.iktek.com
>>>>>>>> directory.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>
>>>
>>>
>>
>>
>>
>
>

Re: Name change (again)

[Ben <be...@autonomic.net>]

Maybe because my accent's a bit tinged with Yorkshire, no matter how I 
say it out loud, it always comes out the same :-D

Les Hazlewood wrote:
> Haha, I think that's a little bit of a stretch :)  My argument would be that
> people would only create such names if our project sucks or is hard to use.
> If we play our cards right, that shouldn't be an issue...
>
> On Sun, Mar 15, 2009 at 12:28 PM, Ben <be...@autonomic.net> wrote:
>
>   
>> Um... so how long before the "wits" starts referring to the package as an
>> "ass-ache" / "ass-acher" ?!?
>>
>>
>>
>> Kalle Korhonen wrote:
>>
>>     
>>> As an abbreviation, feels a bit forced, but as a random made-up word Aseca
>>> sounds alright. A bit close to Acegi, which could be good or bad and then
>>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>>
>>> Kalle
>>>
>>>
>>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>>>       
>>>> wrote:
>>>>         
>>>
>>>       
>>>> Ok, I think I might have a winner here:
>>>>
>>>> Application SECurity Api (ASECA)
>>>>
>>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
>>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>>> project, and best, it does not have any existing software projects that I
>>>> can find.  In fact, there is only one decent match from google for the
>>>> "Association of Securities and Exchange Commission Alumni", which I don't
>>>> think anyone will disagree is _totally_ different and unrelated to our
>>>> project.  There are some PDFs that reference 'aseca', but none are
>>>> related
>>>> to software or security.
>>>>
>>>> What do you guys think?  This might be the best I can come up with...
>>>>
>>>> - Les
>>>>
>>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>>
>>>>
>>>>         
>>>>> wrote:
>>>>>      On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>>
>>>>>  Now that I've had time to think about it more, if ASF and the Incubator
>>>>>
>>>>>
>>>>>           
>>>>>> are
>>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>>> project
>>>>>> name.
>>>>>>
>>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>>
>>>>>>
>>>>>>             
>>>>> from
>>>>>           
>>>>         
>>>>> the ASF community and new ideas, given that it would have wider
>>>>>           
>>>>>> visibility.
>>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>>>>>> what
>>>>>> they would want.  I think that'd be great for the project's livelihood,
>>>>>>
>>>>>>
>>>>>>             
>>>>> as
>>>>>           
>>>>         
>>>>> well as be nice for the ASF community as a place where they could
>>>>>           
>>>>>> consolidate and focus efforts.
>>>>>>
>>>>>>
>>>>>>
>>>>>>             
>>>>> That's the case for us right now.  Interest in this project is based
>>>>>
>>>>>
>>>>>           
>>>> solely
>>>>
>>>>
>>>>         
>>>>> on the product itself and the openness of the community, not by the
>>>>> implication of the name.
>>>>>
>>>>>  Mentors - do you think we could use that name? (Or Apache Security API
>>>>>
>>>>>
>>>>>           
>>>> or
>>>>
>>>>
>>>>         
>>>>> Apache Security Framework, or whatever)?
>>>>>           
>>>>>>
>>>>>>             
>>>>> There would be HUGE resistance from the other projects that are doing
>>>>>
>>>>>
>>>>>           
>>>> their
>>>>
>>>>
>>>>         
>>>>> own security mechanisms.
>>>>>
>>>>> IMO, let a thousand flowers bloom.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Alan
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>>
>>>>>>
>>>>>>             
>>>>> elecharny@apache.org
>>>>>           
>>>>         
>>>>> wrote:
>>>>>           
>>>>>>>               
>>>>>>  David Jencks wrote:
>>>>>>
>>>>>>
>>>>>>             
>>>>>>>               
>>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>>
>>>>>>>> Per this thread:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>>
>>>>>>>>> It appears that we can't use Ki.
>>>>>>>>>
>>>>>>>>> So far the development team seems to be happy with "Apache Security
>>>>>>>>> API",
>>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>>> framework.  Any objections?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>                   
>>>>>>>> I think it implies that this project is happy to include all java
>>>>>>>> security
>>>>>>>> work at apache.  For instance, would you be happy to include a xamcl
>>>>>>>> jacc
>>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>>> subject?
>>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>>> little
>>>>>>>> to no overlap with what you are doing now.
>>>>>>>>
>>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> your
>>>>>>>               
>>>>         
>>>>> api and all projects needing java security  are expected to use it.
>>>>>           
>>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>>> I'm
>>>>>>>> certainly not implying anything about the nature or quality of this
>>>>>>>> project.... just that naming one project for the entire field of
>>>>>>>> which
>>>>>>>> it is
>>>>>>>> an example may not be without problems and implications.
>>>>>>>>
>>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> sure.
>>>>>>>               
>>>>         
>>>>> Now,
>>>>>           
>>>>>>> we may need a general security umbrella for many different project
>>>>>>> related
>>>>>>> to security. This could be a good starting point.
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> --
>>>>>>>
>>>>>>> cordialement, regards,
>>>>>>> Emmanuel Lécharny
>>>>>>> www.iktek.com
>>>>>>> directory.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>               
>>>       
>>     
>
>   

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Haha, I think that's a little bit of a stretch :)  My argument would be that
people would only create such names if our project sucks or is hard to use.
If we play our cards right, that shouldn't be an issue...

On Sun, Mar 15, 2009 at 12:28 PM, Ben <be...@autonomic.net> wrote:

> Um... so how long before the "wits" starts referring to the package as an
> "ass-ache" / "ass-acher" ?!?
>
>
>
> Kalle Korhonen wrote:
>
>> As an abbreviation, feels a bit forced, but as a random made-up word Aseca
>> sounds alright. A bit close to Acegi, which could be good or bad and then
>> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>>
>> Kalle
>>
>>
>> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lhazlewood@apache.org
>> >wrote:
>>
>>
>>
>>> Ok, I think I might have a winner here:
>>>
>>> Application SECurity Api (ASECA)
>>>
>>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
>>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>>> project, and best, it does not have any existing software projects that I
>>> can find.  In fact, there is only one decent match from google for the
>>> "Association of Securities and Exchange Commission Alumni", which I don't
>>> think anyone will disagree is _totally_ different and unrelated to our
>>> project.  There are some PDFs that reference 'aseca', but none are
>>> related
>>> to software or security.
>>>
>>> What do you guys think?  This might be the best I can come up with...
>>>
>>> - Les
>>>
>>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>>
>>>
>>>> wrote:
>>>>      On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>>
>>>>  Now that I've had time to think about it more, if ASF and the Incubator
>>>>
>>>>
>>>>> are
>>>>> ok with 'Apache Security', I think we should try to use that as the
>>>>> project
>>>>> name.
>>>>>
>>>>> This would certainly open up the floodgates for lots of contributions
>>>>>
>>>>>
>>>> from
>>>
>>>
>>>> the ASF community and new ideas, given that it would have wider
>>>>> visibility.
>>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>>>>> what
>>>>> they would want.  I think that'd be great for the project's livelihood,
>>>>>
>>>>>
>>>> as
>>>
>>>
>>>> well as be nice for the ASF community as a place where they could
>>>>> consolidate and focus efforts.
>>>>>
>>>>>
>>>>>
>>>> That's the case for us right now.  Interest in this project is based
>>>>
>>>>
>>> solely
>>>
>>>
>>>> on the product itself and the openness of the community, not by the
>>>> implication of the name.
>>>>
>>>>  Mentors - do you think we could use that name? (Or Apache Security API
>>>>
>>>>
>>> or
>>>
>>>
>>>> Apache Security Framework, or whatever)?
>>>>>
>>>>>
>>>>>
>>>> There would be HUGE resistance from the other projects that are doing
>>>>
>>>>
>>> their
>>>
>>>
>>>> own security mechanisms.
>>>>
>>>> IMO, let a thousand flowers bloom.
>>>>
>>>>
>>>> Regards,
>>>> Alan
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>>
>>>>>
>>>> elecharny@apache.org
>>>
>>>
>>>> wrote:
>>>>>>
>>>>>>
>>>>>  David Jencks wrote:
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>>
>>>>>>> Per this thread:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>>
>>>>>>>> It appears that we can't use Ki.
>>>>>>>>
>>>>>>>> So far the development team seems to be happy with "Apache Security
>>>>>>>> API",
>>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>>> framework.  Any objections?
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> I think it implies that this project is happy to include all java
>>>>>>> security
>>>>>>> work at apache.  For instance, would you be happy to include a xamcl
>>>>>>> jacc
>>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>>> subject?
>>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>>> little
>>>>>>> to no overlap with what you are doing now.
>>>>>>>
>>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>>
>>>>>>>
>>>>>> your
>>>
>>>
>>>> api and all projects needing java security  are expected to use it.
>>>>>>>
>>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And
>>>>>>> I'm
>>>>>>> certainly not implying anything about the nature or quality of this
>>>>>>> project.... just that naming one project for the entire field of
>>>>>>> which
>>>>>>> it is
>>>>>>> an example may not be without problems and implications.
>>>>>>>
>>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>>
>>>>>>>
>>>>>> sure.
>>>
>>>
>>>> Now,
>>>>>> we may need a general security umbrella for many different project
>>>>>> related
>>>>>> to security. This could be a good starting point.
>>>>>>
>>>>>>
>>>>>> --
>>>>>> --
>>>>>>
>>>>>> cordialement, regards,
>>>>>> Emmanuel Lécharny
>>>>>> www.iktek.com
>>>>>> directory.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>
>>
>
>

Re: Name change (again)

[Ben <be...@autonomic.net>]

Um... so how long before the "wits" starts referring to the package as 
an "ass-ache" / "ass-acher" ?!?


Kalle Korhonen wrote:
> As an abbreviation, feels a bit forced, but as a random made-up word Aseca
> sounds alright. A bit close to Acegi, which could be good or bad and then
> again, they renamed that project to Spring Security (Acegi 2 anyone? :)
>
> Kalle
>
>
> On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lh...@apache.org>wrote:
>
>   
>> Ok, I think I might have a winner here:
>>
>> Application SECurity Api (ASECA)
>>
>> Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
>> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
>> project, and best, it does not have any existing software projects that I
>> can find.  In fact, there is only one decent match from google for the
>> "Association of Securities and Exchange Commission Alumni", which I don't
>> think anyone will disagree is _totally_ different and unrelated to our
>> project.  There are some PDFs that reference 'aseca', but none are related
>> to software or security.
>>
>> What do you guys think?  This might be the best I can come up with...
>>
>> - Les
>>
>> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
>>     
>>> wrote:
>>>       
>>> On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>>>
>>>  Now that I've had time to think about it more, if ASF and the Incubator
>>>       
>>>> are
>>>> ok with 'Apache Security', I think we should try to use that as the
>>>> project
>>>> name.
>>>>
>>>> This would certainly open up the floodgates for lots of contributions
>>>>         
>> from
>>     
>>>> the ASF community and new ideas, given that it would have wider
>>>> visibility.
>>>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>>>> what
>>>> they would want.  I think that'd be great for the project's livelihood,
>>>>         
>> as
>>     
>>>> well as be nice for the ASF community as a place where they could
>>>> consolidate and focus efforts.
>>>>
>>>>         
>>> That's the case for us right now.  Interest in this project is based
>>>       
>> solely
>>     
>>> on the product itself and the openness of the community, not by the
>>> implication of the name.
>>>
>>>  Mentors - do you think we could use that name? (Or Apache Security API
>>>       
>> or
>>     
>>>> Apache Security Framework, or whatever)?
>>>>
>>>>         
>>> There would be HUGE resistance from the other projects that are doing
>>>       
>> their
>>     
>>> own security mechanisms.
>>>
>>> IMO, let a thousand flowers bloom.
>>>
>>>
>>> Regards,
>>> Alan
>>>
>>>
>>>
>>>       
>>>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
>>>>         
>> elecharny@apache.org
>>     
>>>>> wrote:
>>>>>           
>>>>  David Jencks wrote:
>>>>         
>>>>>           
>>>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>>>
>>>>>> Per this thread:
>>>>>>
>>>>>>             
>>>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>>>
>>>>>>> It appears that we can't use Ki.
>>>>>>>
>>>>>>> So far the development team seems to be happy with "Apache Security
>>>>>>> API",
>>>>>>> which can have (good) far reaching implications for a good quality
>>>>>>> framework.  Any objections?
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> I think it implies that this project is happy to include all java
>>>>>> security
>>>>>> work at apache.  For instance, would you be happy to include a xamcl
>>>>>> jacc
>>>>>> implementation that did not use your Subject but rather the JAAS
>>>>>> subject?
>>>>>> It would certainly be a java security implementation but AFAICT has
>>>>>> little
>>>>>> to no overlap with what you are doing now.
>>>>>>
>>>>>> I think it also has a connotation that apache has somehow approved
>>>>>>             
>> your
>>     
>>>>>> api and all projects needing java security  are expected to use it.
>>>>>>
>>>>>> Dunno if anyone else gets these ideas from the name but I do.  And I'm
>>>>>> certainly not implying anything about the nature or quality of this
>>>>>> project.... just that naming one project for the entire field of which
>>>>>> it is
>>>>>> an example may not be without problems and implications.
>>>>>>
>>>>>>  There is some implication that need to be overviewed, that's for
>>>>>>             
>> sure.
>>     
>>>>> Now,
>>>>> we may need a general security umbrella for many different project
>>>>> related
>>>>> to security. This could be a good starting point.
>>>>>
>>>>>
>>>>> --
>>>>> --
>>>>>
>>>>> cordialement, regards,
>>>>> Emmanuel Lécharny
>>>>> www.iktek.com
>>>>> directory.apache.org
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>
>   

Re: Name change (again)

[Kalle Korhonen <ka...@gmail.com>]

As an abbreviation, feels a bit forced, but as a random made-up word Aseca
sounds alright. A bit close to Acegi, which could be good or bad and then
again, they renamed that project to Spring Security (Acegi 2 anyone? :)

Kalle


On Sat, Mar 14, 2009 at 8:30 AM, Les Hazlewood <lh...@apache.org>wrote:

> Ok, I think I might have a winner here:
>
> Application SECurity Api (ASECA)
>
> Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
> the toungue/easy to pronounce, it does not assume an Apache 'blanket'
> project, and best, it does not have any existing software projects that I
> can find.  In fact, there is only one decent match from google for the
> "Association of Securities and Exchange Commission Alumni", which I don't
> think anyone will disagree is _totally_ different and unrelated to our
> project.  There are some PDFs that reference 'aseca', but none are related
> to software or security.
>
> What do you guys think?  This might be the best I can come up with...
>
> - Les
>
> On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <list@toolazydogs.com
> >wrote:
>
> >
> > On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
> >
> >  Now that I've had time to think about it more, if ASF and the Incubator
> >> are
> >> ok with 'Apache Security', I think we should try to use that as the
> >> project
> >> name.
> >>
> >> This would certainly open up the floodgates for lots of contributions
> from
> >> the ASF community and new ideas, given that it would have wider
> >> visibility.
> >> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
> >> what
> >> they would want.  I think that'd be great for the project's livelihood,
> as
> >> well as be nice for the ASF community as a place where they could
> >> consolidate and focus efforts.
> >>
> >
> > That's the case for us right now.  Interest in this project is based
> solely
> > on the product itself and the openness of the community, not by the
> > implication of the name.
> >
> >  Mentors - do you think we could use that name? (Or Apache Security API
> or
> >> Apache Security Framework, or whatever)?
> >>
> >
> > There would be HUGE resistance from the other projects that are doing
> their
> > own security mechanisms.
> >
> > IMO, let a thousand flowers bloom.
> >
> >
> > Regards,
> > Alan
> >
> >
> >
> >>
> >> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <
> elecharny@apache.org
> >> >wrote:
> >>
> >>  David Jencks wrote:
> >>>
> >>>
> >>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
> >>>>
> >>>> Per this thread:
> >>>>
> >>>>>
> >>>>> http://www.jsecurity.org/node/1081#comment-289
> >>>>>
> >>>>> It appears that we can't use Ki.
> >>>>>
> >>>>> So far the development team seems to be happy with "Apache Security
> >>>>> API",
> >>>>> which can have (good) far reaching implications for a good quality
> >>>>> framework.  Any objections?
> >>>>>
> >>>>>
> >>>> I think it implies that this project is happy to include all java
> >>>> security
> >>>> work at apache.  For instance, would you be happy to include a xamcl
> >>>> jacc
> >>>> implementation that did not use your Subject but rather the JAAS
> >>>> subject?
> >>>> It would certainly be a java security implementation but AFAICT has
> >>>> little
> >>>> to no overlap with what you are doing now.
> >>>>
> >>>> I think it also has a connotation that apache has somehow approved
> your
> >>>> api and all projects needing java security  are expected to use it.
> >>>>
> >>>> Dunno if anyone else gets these ideas from the name but I do.  And I'm
> >>>> certainly not implying anything about the nature or quality of this
> >>>> project.... just that naming one project for the entire field of which
> >>>> it is
> >>>> an example may not be without problems and implications.
> >>>>
> >>>>  There is some implication that need to be overviewed, that's for
> sure.
> >>> Now,
> >>> we may need a general security umbrella for many different project
> >>> related
> >>> to security. This could be a good starting point.
> >>>
> >>>
> >>> --
> >>> --
> >>>
> >>> cordialement, regards,
> >>> Emmanuel Lécharny
> >>> www.iktek.com
> >>> directory.apache.org
> >>>
> >>>
> >>>
> >>>
> >
>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Ok, I think I might have a winner here:

Application SECurity Api (ASECA)

Nothing comes up at all in a USPTO search, it is generic, kinda rolls off
the toungue/easy to pronounce, it does not assume an Apache 'blanket'
project, and best, it does not have any existing software projects that I
can find.  In fact, there is only one decent match from google for the
"Association of Securities and Exchange Commission Alumni", which I don't
think anyone will disagree is _totally_ different and unrelated to our
project.  There are some PDFs that reference 'aseca', but none are related
to software or security.

What do you guys think?  This might be the best I can come up with...

- Les

On Fri, Mar 13, 2009 at 9:15 PM, Alan D. Cabrera <li...@toolazydogs.com>wrote:

>
> On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:
>
>  Now that I've had time to think about it more, if ASF and the Incubator
>> are
>> ok with 'Apache Security', I think we should try to use that as the
>> project
>> name.
>>
>> This would certainly open up the floodgates for lots of contributions from
>> the ASF community and new ideas, given that it would have wider
>> visibility.
>> Many projects (Geronimo, Tomcat, et. al) could all help guide us as to
>> what
>> they would want.  I think that'd be great for the project's livelihood, as
>> well as be nice for the ASF community as a place where they could
>> consolidate and focus efforts.
>>
>
> That's the case for us right now.  Interest in this project is based solely
> on the product itself and the openness of the community, not by the
> implication of the name.
>
>  Mentors - do you think we could use that name? (Or Apache Security API or
>> Apache Security Framework, or whatever)?
>>
>
> There would be HUGE resistance from the other projects that are doing their
> own security mechanisms.
>
> IMO, let a thousand flowers bloom.
>
>
> Regards,
> Alan
>
>
>
>>
>> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <elecharny@apache.org
>> >wrote:
>>
>>  David Jencks wrote:
>>>
>>>
>>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>>
>>>> Per this thread:
>>>>
>>>>>
>>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>>
>>>>> It appears that we can't use Ki.
>>>>>
>>>>> So far the development team seems to be happy with "Apache Security
>>>>> API",
>>>>> which can have (good) far reaching implications for a good quality
>>>>> framework.  Any objections?
>>>>>
>>>>>
>>>> I think it implies that this project is happy to include all java
>>>> security
>>>> work at apache.  For instance, would you be happy to include a xamcl
>>>> jacc
>>>> implementation that did not use your Subject but rather the JAAS
>>>> subject?
>>>> It would certainly be a java security implementation but AFAICT has
>>>> little
>>>> to no overlap with what you are doing now.
>>>>
>>>> I think it also has a connotation that apache has somehow approved your
>>>> api and all projects needing java security  are expected to use it.
>>>>
>>>> Dunno if anyone else gets these ideas from the name but I do.  And I'm
>>>> certainly not implying anything about the nature or quality of this
>>>> project.... just that naming one project for the entire field of which
>>>> it is
>>>> an example may not be without problems and implications.
>>>>
>>>>  There is some implication that need to be overviewed, that's for sure.
>>> Now,
>>> we may need a general security umbrella for many different project
>>> related
>>> to security. This could be a good starting point.
>>>
>>>
>>> --
>>> --
>>>
>>> cordialement, regards,
>>> Emmanuel Lécharny
>>> www.iktek.com
>>> directory.apache.org
>>>
>>>
>>>
>>>
>

Re: Name change (again)

["Alan D. Cabrera" <li...@toolazydogs.com>]

On Mar 13, 2009, at 10:09 AM, Les Hazlewood wrote:

> Now that I've had time to think about it more, if ASF and the  
> Incubator are
> ok with 'Apache Security', I think we should try to use that as the  
> project
> name.
>
> This would certainly open up the floodgates for lots of  
> contributions from
> the ASF community and new ideas, given that it would have wider  
> visibility.
> Many projects (Geronimo, Tomcat, et. al) could all help guide us as  
> to what
> they would want.  I think that'd be great for the project's  
> livelihood, as
> well as be nice for the ASF community as a place where they could
> consolidate and focus efforts.

That's the case for us right now.  Interest in this project is based  
solely on the product itself and the openness of the community, not by  
the implication of the name.

> Mentors - do you think we could use that name? (Or Apache Security  
> API or
> Apache Security Framework, or whatever)?

There would be HUGE resistance from the other projects that are doing  
their own security mechanisms.

IMO, let a thousand flowers bloom.


Regards,
Alan

>
>
> On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <elecharny@apache.org 
> >wrote:
>
>> David Jencks wrote:
>>
>>>
>>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>>
>>> Per this thread:
>>>>
>>>> http://www.jsecurity.org/node/1081#comment-289
>>>>
>>>> It appears that we can't use Ki.
>>>>
>>>> So far the development team seems to be happy with "Apache  
>>>> Security API",
>>>> which can have (good) far reaching implications for a good quality
>>>> framework.  Any objections?
>>>>
>>>
>>> I think it implies that this project is happy to include all java  
>>> security
>>> work at apache.  For instance, would you be happy to include a  
>>> xamcl jacc
>>> implementation that did not use your Subject but rather the JAAS  
>>> subject?
>>> It would certainly be a java security implementation but AFAICT  
>>> has little
>>> to no overlap with what you are doing now.
>>>
>>> I think it also has a connotation that apache has somehow approved  
>>> your
>>> api and all projects needing java security  are expected to use it.
>>>
>>> Dunno if anyone else gets these ideas from the name but I do.  And  
>>> I'm
>>> certainly not implying anything about the nature or quality of this
>>> project.... just that naming one project for the entire field of  
>>> which it is
>>> an example may not be without problems and implications.
>>>
>> There is some implication that need to be overviewed, that's for  
>> sure. Now,
>> we may need a general security umbrella for many different project  
>> related
>> to security. This could be a good starting point.
>>
>>
>> --
>> --
>>
>> cordialement, regards,
>> Emmanuel Lécharny
>> www.iktek.com
>> directory.apache.org
>>
>>
>>

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Now that I've had time to think about it more, if ASF and the Incubator are
ok with 'Apache Security', I think we should try to use that as the project
name.

This would certainly open up the floodgates for lots of contributions from
the ASF community and new ideas, given that it would have wider visibility.
Many projects (Geronimo, Tomcat, et. al) could all help guide us as to what
they would want.  I think that'd be great for the project's livelihood, as
well as be nice for the ASF community as a place where they could
consolidate and focus efforts.

Mentors - do you think we could use that name? (Or Apache Security API or
Apache Security Framework, or whatever)?

On Fri, Mar 13, 2009 at 4:14 AM, Emmanuel Lecharny <el...@apache.org>wrote:

> David Jencks wrote:
>
>>
>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>
>>  Per this thread:
>>>
>>> http://www.jsecurity.org/node/1081#comment-289
>>>
>>> It appears that we can't use Ki.
>>>
>>> So far the development team seems to be happy with "Apache Security API",
>>> which can have (good) far reaching implications for a good quality
>>> framework.  Any objections?
>>>
>>
>> I think it implies that this project is happy to include all java security
>> work at apache.  For instance, would you be happy to include a xamcl jacc
>> implementation that did not use your Subject but rather the JAAS subject?
>>  It would certainly be a java security implementation but AFAICT has little
>> to no overlap with what you are doing now.
>>
>> I think it also has a connotation that apache has somehow approved your
>> api and all projects needing java security  are expected to use it.
>>
>> Dunno if anyone else gets these ideas from the name but I do.  And I'm
>> certainly not implying anything about the nature or quality of this
>> project.... just that naming one project for the entire field of which it is
>> an example may not be without problems and implications.
>>
> There is some implication that need to be overviewed, that's for sure. Now,
> we may need a general security umbrella for many different project related
> to security. This could be a good starting point.
>
>
> --
> --
>
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

["Alan D. Cabrera" <li...@toolazydogs.com>]

On Mar 13, 2009, at 1:14 AM, Emmanuel Lecharny wrote:

> David Jencks wrote:
>>
>> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>>
>>> Per this thread:
>>>
>>> http://www.jsecurity.org/node/1081#comment-289
>>>
>>> It appears that we can't use Ki.
>>>
>>> So far the development team seems to be happy with "Apache  
>>> Security API",
>>> which can have (good) far reaching implications for a good quality
>>> framework.  Any objections?
>>
>> I think it implies that this project is happy to include all java  
>> security work at apache.  For instance, would you be happy to  
>> include a xamcl jacc implementation that did not use your Subject  
>> but rather the JAAS subject?  It would certainly be a java security  
>> implementation but AFAICT has little to no overlap with what you  
>> are doing now.
>>
>> I think it also has a connotation that apache has somehow approved  
>> your api and all projects needing java security  are expected to  
>> use it.
>>
>> Dunno if anyone else gets these ideas from the name but I do.  And  
>> I'm certainly not implying anything about the nature or quality of  
>> this project.... just that naming one project for the entire field  
>> of which it is an example may not be without problems and  
>> implications.
> There is some implication that need to be overviewed, that's for  
> sure. Now, we may need a general security umbrella for many  
> different project related to security. This could be a good starting  
> point.

I agree with David's observations.

I totally disagree that we need a security umbrella.


Regards,
Alan

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

David Jencks wrote:
>
> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>
>> Per this thread:
>>
>> http://www.jsecurity.org/node/1081#comment-289
>>
>> It appears that we can't use Ki.
>>
>> So far the development team seems to be happy with "Apache Security 
>> API",
>> which can have (good) far reaching implications for a good quality
>> framework.  Any objections?
>
> I think it implies that this project is happy to include all java 
> security work at apache.  For instance, would you be happy to include 
> a xamcl jacc implementation that did not use your Subject but rather 
> the JAAS subject?  It would certainly be a java security 
> implementation but AFAICT has little to no overlap with what you are 
> doing now.
>
> I think it also has a connotation that apache has somehow approved 
> your api and all projects needing java security  are expected to use it.
>
> Dunno if anyone else gets these ideas from the name but I do.  And I'm 
> certainly not implying anything about the nature or quality of this 
> project.... just that naming one project for the entire field of which 
> it is an example may not be without problems and implications.
There is some implication that need to be overviewed, that's for sure. 
Now, we may need a general security umbrella for many different project 
related to security. This could be a good starting point.


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Hahaha :)

On Fri, Mar 13, 2009 at 11:14 AM, Emmanuel Lecharny <el...@apache.org>wrote:

> Les Hazlewood wrote:
>
>> We could just call it Apache Simple Security.  Now... what would the JIRA
>> key for that be?
>>
>>
>
> HOLE ?
>
>
> --
> --
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> We could just call it Apache Simple Security.  Now... what would the JIRA
> key for that be?
>   

HOLE ?

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

I agree Tim, but what would that name be without potentially sounding like
we might be a clearing house in ASF for all things security?  That's the
trick...

We could just call it Apache Simple Security.  Now... what would the JIRA
key for that be?

;)

Sorry, I needed a little levity :)

What about Aplok? (APpLication LOcK)

That seems to be clear of USPTO patents and trademarks, and I don't see any
relevant google results....

On Fri, Mar 13, 2009 at 10:09 AM, Tim Veil <tj...@gmail.com> wrote:

> Les I agree with you about the potential for the name to be a bit
> misleading.  I think that point alone is worth some serious discussion.
>
> One more thought about the name...  If we were discussing a new name for
> some social network or other web 2.0 gimmick I would agree that we should
> should strive to find a "Web 2.0y" name.  As a security framework I don't
> think we need hold ourselves to that standard.  In this space, I think the
> more obvious and straightforward the name is the more successful we could
> be.  I know there are dozens of examples that support and contradict this
> point, but "commons-lang" doesn't suffer from low adoption because the name
> isn't catchy.
>
> Tim
>
>
>
> On Fri, Mar 13, 2009 at 9:28 AM, Les Hazlewood <lhazlewood@apache.org
> >wrote:
>
> > Yeah, I thought about this as well, and it might be a little misleading
> as
> > an umbrella project.  I mean, sure, we want to be the most comprehensive
> > security project out there (that is still easy to use), but such a name
> > might imply that our primary objective would be to support almost any
> > security case needed by the ASF.  I'm not sure we want that implicit
> > responsibility.  Maybe we do, I dunno...
> >
> > What about taking just any name from the Apache language itself?  It
> > doesn't
> > have to mean anything security related, as long as it isn't in use.  At
> > least then its a little more 'in the family'...
> >
> > Thoughts?
> >
> > On Fri, Mar 13, 2009 at 3:36 AM, David Jencks <david_jencks@yahoo.com
> > >wrote:
> >
> > >
> > > On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
> > >
> > >  Per this thread:
> > >>
> > >> http://www.jsecurity.org/node/1081#comment-289
> > >>
> > >> It appears that we can't use Ki.
> > >>
> > >> So far the development team seems to be happy with "Apache Security
> > API",
> > >> which can have (good) far reaching implications for a good quality
> > >> framework.  Any objections?
> > >>
> > >
> > > I think it implies that this project is happy to include all java
> > security
> > > work at apache.  For instance, would you be happy to include a xamcl
> jacc
> > > implementation that did not use your Subject but rather the JAAS
> subject?
> > >  It would certainly be a java security implementation but AFAICT has
> > little
> > > to no overlap with what you are doing now.
> > >
> > > I think it also has a connotation that apache has somehow approved your
> > api
> > > and all projects needing java security  are expected to use it.
> > >
> > > Dunno if anyone else gets these ideas from the name but I do.  And I'm
> > > certainly not implying anything about the nature or quality of this
> > > project.... just that naming one project for the entire field of which
> it
> > is
> > > an example may not be without problems and implications.
> > >
> > > thanks
> > > david jencks
> > >
> > >
> > >
> > >>
> > >> - Les
> > >>
> > >
> > >
> >
>

Re: Name change (again)

[Tim Veil <tj...@gmail.com>]

Les I agree with you about the potential for the name to be a bit
misleading.  I think that point alone is worth some serious discussion.

One more thought about the name...  If we were discussing a new name for
some social network or other web 2.0 gimmick I would agree that we should
should strive to find a "Web 2.0y" name.  As a security framework I don't
think we need hold ourselves to that standard.  In this space, I think the
more obvious and straightforward the name is the more successful we could
be.  I know there are dozens of examples that support and contradict this
point, but "commons-lang" doesn't suffer from low adoption because the name
isn't catchy.

Tim



On Fri, Mar 13, 2009 at 9:28 AM, Les Hazlewood <lh...@apache.org>wrote:

> Yeah, I thought about this as well, and it might be a little misleading as
> an umbrella project.  I mean, sure, we want to be the most comprehensive
> security project out there (that is still easy to use), but such a name
> might imply that our primary objective would be to support almost any
> security case needed by the ASF.  I'm not sure we want that implicit
> responsibility.  Maybe we do, I dunno...
>
> What about taking just any name from the Apache language itself?  It
> doesn't
> have to mean anything security related, as long as it isn't in use.  At
> least then its a little more 'in the family'...
>
> Thoughts?
>
> On Fri, Mar 13, 2009 at 3:36 AM, David Jencks <david_jencks@yahoo.com
> >wrote:
>
> >
> > On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
> >
> >  Per this thread:
> >>
> >> http://www.jsecurity.org/node/1081#comment-289
> >>
> >> It appears that we can't use Ki.
> >>
> >> So far the development team seems to be happy with "Apache Security
> API",
> >> which can have (good) far reaching implications for a good quality
> >> framework.  Any objections?
> >>
> >
> > I think it implies that this project is happy to include all java
> security
> > work at apache.  For instance, would you be happy to include a xamcl jacc
> > implementation that did not use your Subject but rather the JAAS subject?
> >  It would certainly be a java security implementation but AFAICT has
> little
> > to no overlap with what you are doing now.
> >
> > I think it also has a connotation that apache has somehow approved your
> api
> > and all projects needing java security  are expected to use it.
> >
> > Dunno if anyone else gets these ideas from the name but I do.  And I'm
> > certainly not implying anything about the nature or quality of this
> > project.... just that naming one project for the entire field of which it
> is
> > an example may not be without problems and implications.
> >
> > thanks
> > david jencks
> >
> >
> >
> >>
> >> - Les
> >>
> >
> >
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Erik Beeson wrote:
> Dagasi seems awfully similar to Acegi to me...
>   

What about "qsmocfijzeoiec" ? ;)

PS: you may get a different result on a qwerty keyboard...

ASECA seems just good to me. Just wondering if we could be sued by 
Madoff, as he is certainly a member of the SEC alumni... Is he ?

Last, not least, I have to say that Alan and David may be right about 
the Security umbrella. I'm not sure that it's not a bit too wide for 
just JSecurity. Forget about my idea.

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Erik Beeson <er...@gmail.com>]

Dagasi seems awfully similar to Acegi to me...
--Erik


On Fri, Mar 13, 2009 at 7:11 AM, Les Hazlewood <lh...@apache.org>wrote:

> Oooh... I kinda like Dagasi or Achan.
>
> Where did you execute this search?  Are Cherokee or Navajo langauges
> classified as Apache languages (I'm just curious - I don't know much about
> them).  I thought the Apache language was separate (but I have no idea
> really)...
>
> On Fri, Mar 13, 2009 at 10:03 AM, Emmanuel Lecharny <elecharny@apache.org
> >wrote:
>
> > Les Hazlewood wrote:
> >
> >> Yeah, I thought about this as well, and it might be a little misleading
> as
> >> an umbrella project.  I mean, sure, we want to be the most comprehensive
> >> security project out there (that is still easy to use), but such a name
> >> might imply that our primary objective would be to support almost any
> >> security case needed by the ASF.  I'm not sure we want that implicit
> >> responsibility.  Maybe we do, I dunno...
> >>
> >> What about taking just any name from the Apache language itself?  It
> >> doesn't
> >> have to mean anything security related, as long as it isn't in use.  At
> >> least then its a little more 'in the family'...
> >>
> >> Thoughts?
> >>
> >>
> > Could be funny !
> >
> > A quick search...
> > Cherokee :
> > Dagasi (dah-gah-see) means 'lock'
> > Asdudi (ah-sss-dew-dee) means 'door'
> >
> > Navajo :
> > Ahchanh (ah-chanh) means 'protect' (could be written 'achan')
> > Yedzeal (ye-dzhe-al) means 'security
> >
> > Just a 5 mins search ...
> >
> > --
> > --
> >
> > cordialement, regards,
> > Emmanuel Lécharny
> > www.iktek.com
> > directory.apache.org
> >
> >
> >
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> Oooh... I kinda like Dagasi or Achan.
>
> Where did you execute this search?  Are Cherokee or Navajo langauges
> classified as Apache languages (I'm just curious - I don't know much about
> them).  I thought the Apache language was separate (but I have no idea
> really)...
>   

I just did a quick google search on 
http://www.yourdictionary.com/languages/north.html

AFAICT, Apache is a separate language, but should we restrict our search 
for a meaningful but available name to Apache ?

Dagasi sounds quite cool. It was the very first one I found related to 
security terms...

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Oooh... I kinda like Dagasi or Achan.

Where did you execute this search?  Are Cherokee or Navajo langauges
classified as Apache languages (I'm just curious - I don't know much about
them).  I thought the Apache language was separate (but I have no idea
really)...

On Fri, Mar 13, 2009 at 10:03 AM, Emmanuel Lecharny <el...@apache.org>wrote:

> Les Hazlewood wrote:
>
>> Yeah, I thought about this as well, and it might be a little misleading as
>> an umbrella project.  I mean, sure, we want to be the most comprehensive
>> security project out there (that is still easy to use), but such a name
>> might imply that our primary objective would be to support almost any
>> security case needed by the ASF.  I'm not sure we want that implicit
>> responsibility.  Maybe we do, I dunno...
>>
>> What about taking just any name from the Apache language itself?  It
>> doesn't
>> have to mean anything security related, as long as it isn't in use.  At
>> least then its a little more 'in the family'...
>>
>> Thoughts?
>>
>>
> Could be funny !
>
> A quick search...
> Cherokee :
> Dagasi (dah-gah-see) means 'lock'
> Asdudi (ah-sss-dew-dee) means 'door'
>
> Navajo :
> Ahchanh (ah-chanh) means 'protect' (could be written 'achan')
> Yedzeal (ye-dzhe-al) means 'security
>
> Just a 5 mins search ...
>
> --
> --
>
> cordialement, regards,
> Emmanuel Lécharny
> www.iktek.com
> directory.apache.org
>
>
>

Re: Name change (again)

[Emmanuel Lecharny <el...@apache.org>]

Les Hazlewood wrote:
> Yeah, I thought about this as well, and it might be a little misleading as
> an umbrella project.  I mean, sure, we want to be the most comprehensive
> security project out there (that is still easy to use), but such a name
> might imply that our primary objective would be to support almost any
> security case needed by the ASF.  I'm not sure we want that implicit
> responsibility.  Maybe we do, I dunno...
>
> What about taking just any name from the Apache language itself?  It doesn't
> have to mean anything security related, as long as it isn't in use.  At
> least then its a little more 'in the family'...
>
> Thoughts?
>   
Could be funny !

A quick search...
Cherokee :
Dagasi (dah-gah-see) means 'lock'
Asdudi (ah-sss-dew-dee) means 'door'

Navajo :
Ahchanh (ah-chanh) means 'protect' (could be written 'achan')
Yedzeal (ye-dzhe-al) means 'security

Just a 5 mins search ...

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org

Re: Name change (again)

[Les Hazlewood <lh...@apache.org>]

Yeah, I thought about this as well, and it might be a little misleading as
an umbrella project.  I mean, sure, we want to be the most comprehensive
security project out there (that is still easy to use), but such a name
might imply that our primary objective would be to support almost any
security case needed by the ASF.  I'm not sure we want that implicit
responsibility.  Maybe we do, I dunno...

What about taking just any name from the Apache language itself?  It doesn't
have to mean anything security related, as long as it isn't in use.  At
least then its a little more 'in the family'...

Thoughts?

On Fri, Mar 13, 2009 at 3:36 AM, David Jencks <da...@yahoo.com>wrote:

>
> On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:
>
>  Per this thread:
>>
>> http://www.jsecurity.org/node/1081#comment-289
>>
>> It appears that we can't use Ki.
>>
>> So far the development team seems to be happy with "Apache Security API",
>> which can have (good) far reaching implications for a good quality
>> framework.  Any objections?
>>
>
> I think it implies that this project is happy to include all java security
> work at apache.  For instance, would you be happy to include a xamcl jacc
> implementation that did not use your Subject but rather the JAAS subject?
>  It would certainly be a java security implementation but AFAICT has little
> to no overlap with what you are doing now.
>
> I think it also has a connotation that apache has somehow approved your api
> and all projects needing java security  are expected to use it.
>
> Dunno if anyone else gets these ideas from the name but I do.  And I'm
> certainly not implying anything about the nature or quality of this
> project.... just that naming one project for the entire field of which it is
> an example may not be without problems and implications.
>
> thanks
> david jencks
>
>
>
>>
>> - Les
>>
>
>

Re: Name change (again)

[David Jencks <da...@yahoo.com>]

On Mar 12, 2009, at 11:50 AM, Les Hazlewood wrote:

> Per this thread:
>
> http://www.jsecurity.org/node/1081#comment-289
>
> It appears that we can't use Ki.
>
> So far the development team seems to be happy with "Apache Security  
> API",
> which can have (good) far reaching implications for a good quality
> framework.  Any objections?

I think it implies that this project is happy to include all java  
security work at apache.  For instance, would you be happy to include  
a xamcl jacc implementation that did not use your Subject but rather  
the JAAS subject?  It would certainly be a java security  
implementation but AFAICT has little to no overlap with what you are  
doing now.

I think it also has a connotation that apache has somehow approved  
your api and all projects needing java security  are expected to use it.

Dunno if anyone else gets these ideas from the name but I do.  And I'm  
certainly not implying anything about the nature or quality of this  
project.... just that naming one project for the entire field of which  
it is an example may not be without problems and implications.

thanks
david jencks


>
>
> - Les