J2EE containers restrict client access to the resources and services
they contain based on the client's identity. JSR 115 seeks to enhance
this functionality by defining roles as collections of permissions
(instances of the java.security.Permission classes) and providing a
means for containers to make access decisions by operating on these
permissions, a facility that is current not standardized.
JSR 115 will define new subclasses of the java.security.Permission
class. It will also define the mechanism by which authorization
providers are installed and configured for use by containers.
According to the published JSR 115 timetable, the specification will be
submitted to the Sun JCE PMO (Program Management Office) in the fourth
quarter of this year. With luck, the PMO will post the specification
for public review soon after.
To learn more, surf to: http://www.jcp.org/jsr/detail/115.jsp