My name is Darran Lofthouse, I am a Principal Software Engineer and Associate Manager working at Red Hat.

I have been using or developing in Java since around 2000 where I was making use of Java for various projects at university so over the years have seen the evolution of the language.

During my time at JBoss and Red Hat I have worked in a number of roles.  I started off in our support team primarily providing support for web services and security.  After this I moved to the engineering team as JBoss AS 7 was starting to be developed developing the security realm implementation used to manage the server.  After a while it became apparent that we needed a new approach to security across the application server and so I co-founded and co-led the introduction of the WildFly Elytron project which brough a new suite of security APIs, SPIs, and implementations to the WildFly application server and subsequently JBoss EAP.

Through my work with JBoss and WildFly I have also been an active use of Java / Jakarta EE starting with Java EE 1.3 and I am actively involved in specification discussions around the future development of the security specifications being a commiter on the Jakarta Authentication, Authorization, and Security specifications and also a commiter on the Soteria and SmallRye-JWT projects.

I have now handed over the leadership of the WildFly Elytron project as I have taken on the responsibility of managing a small team of engineers working on WildFly and JBoss EAP.  I am still actively involved in the development of WildFly Elytron and WildFly in general but also have the additional responsibility of being the engineering release coordinator for JBoss EAP.

Before joining JBoss and subsequently Red Hat I was working at a company making use of JBoss 3 so I have been working with OpenSource software for almost my entire career.  In addition to being an active community contributor one of my earliest contributions was a project to bring SPNEGO support to JBoss, this ended up becoming the basis for the JBoss Negotiation project.

Outside of work I am also in the early stages of getting into developing for Raspberry Pi boards.  Working at Red Hat I had no shortage of access to machines running Linux so running Linux on an SBC hadn’t caught my attention but recently I found the Raspberry Pi Pico with the RP2040 processor where I am currently experimenting writing security algorithms in assembly.

This site is my personal blog, it is intended to cover various technical topics some of which will relate to my day job and security but hopefully other topics as well, all opinions expressed are my own.

In addition to my blog you can also follow me on Mastodon @[email protected]