Jakarta Authentication defines a general low-level SPI for authentication mechanisms, which are controllers that interact with a caller and a container's environment to obtain the caller's credentials, validate these, and pass an authenticated identity (such as name and groups) to the container.
First release for Jakarta EE 8
Release for Jakarta EE 9
Release for Jakarta EE 10
Release for Jakarta EE 11