Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SCEA 5 (Part II) � Authentication and Authorization

 
Dan Jones
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The SCEA 5 assignment never specifically mentions authentication and authorization in the requirements for the application that needs to be designed. Is it fair to assume that they are out of scope, and mention this in the �Design Assumptions� section of the write-up?
 
Hong Anderson
Ranch Hand
Posts: 1936
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think you should focus on what are assignment objectives.

If your solution satisfies all assignment objectives very well, you can do what is not in as you want.
 
Rodrigo Lopes
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Dan Jones:
The SCEA 5 assignment never specifically mentions authentication and authorization in the requirements for the application that needs to be designed.

What do you mean by "never"? There were some requirements about this in my assignment. I don't know how specific I can be to mention details of the assignment...
 
Dan Jones
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
By �never,� I mean that there is absolutely no mention of logging into the system, user profile management, or any authentication/authorization requirements.

My recollection is that this was not the case for the old SCEA exam, but in my SCEA 5 assignment, authentication/authorization is apparently ignored. Perhaps because SCEA 5 has new deliverables (deployment diagram, risks and mitigation, etc.), the use case load has been lightened.

I am quite positive that as long as we document our choices properly in the �Design Assumptions� section in our write-up, the decision to ignore a non-existent requirement cannot be held against us. However, a small part of me fears that the exam creators want us to believe that securing an application is a fundamental, implied enterprise architecture requirement, and that our design has to take this into account in order to receive full credit, despite the lack of explicit requirements.

Is anyone aware of Sun�s philosophy regarding this issue?
 
Andrew Monkhouse
author and jackaroo
Marshal Commander
Pie
Posts: 11907
207
C++ Firefox Browser IntelliJ IDE Java Mac Oracle
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dan,

As specified in the JavaRanch SCEA FAQ:
  • What is the policy on posting questions I saw on the exam / details of how to do the assignment?



  • You may not describe or talk about the questions you saw on any of the Sun exams - see the JavaRanch Policy on Real Questions for further details. (http://www.javaranch.com/realquestions.jsp)

    For questions / discussions on the assignment, in general we will allow discussion where members are trying to understand the domain model and/or terms used in the assignment. We will also allow questions about which tools to use.

    But we will not allow discussion on a solution to the assignment (or a part of the assignment) itself.

    Refer to the thread IMPORTANT - Position on real assignment (Part 2) questions for more information.

    You are getting dangerously close to getting into too much assignment detail. Please try and keep this at a meta level or I will need to delete this topic.

    Regards, Andrew
     
    • Post Reply
    • Bookmark Topic Watch Topic
    • New Topic