On Aug 15, 2011, at 7:15 PM, shawn.mckinney@jtstools.com shawn.mckinney@jtstools.com wrote:

The product named "Fortress Core" includes contributions that were created by JoshuaTree Software, LLC, who is the exclusive owner of the works. This contribution is made available as indicated by the copyright and license statements attached to the the work.

Shawn, the wording of this statement is not sufficient clear for a couple of reasons. One, the term product doesn't necessarily refer to the contributed works. Two, "includes" language doesn't exclude the possibility that portions of the contributed work were created by others. We need the statement of origin to be quite clear. Assuming all of the contributed works were created by JohshuaTree Software, LLC, we suggest stating something of the form.

The contributed works provided by <creator> and referenced in this ITS were created by <creator>, who is the exclusive owner of the contributed works. The contributed works are made available as indicated in the copyright and license statements attached to the work.

where <creator> was replaced with JoshuaTree Software, LLC.

Please restate the statement of origin, either in the above form or other appropriate form, in response to this ITS.

Regards, Kurt

Shawn McKinney -------- Original Message -------- Subject: Re: (ITS#6995) Request for Contribution of Identity Access Management Software to OpenLDAP Project From: Kurt Zeilenga Kurt@OpenLDAP.org Date: Mon, August 15, 2011 2:35 pm To: shawn.mckinney@jtstools.com Cc: openldap-its@OpenLDAP.org

Shawn,

I have reviewed the submitted materials.

Other than a lack of a statement of origin, I find no reason why these materials cannot be accepted. Please submit a "statement of origin" in a follow-up to this ITS. This can simply be a statement to the effect that the all the submitted materials were authored by JoshuaTree Software, JoshaaTree is the exclusive owner of the works, and that the contribution is made available as indicated by the copyright and license statements in the work. If the work includes materials derived from works to which others own or otherwise have rights to, please detail.

The Foundation has no objection to the Project establishing a sub-project of the OpenLDAP Project, similar to the Java LDAP and JDBC-LDAP sub projects, to develop works based upon your contribution. It is the Foundation understanding that Project is also willing to establish such a sub-project, and extend commit privs to the key developers who produced the contributed work.

It is noted that the OpenLDAP Foundation, if it accepts the final contribution, would from time to time publish works derived (such as the source repository itself, and possibly packaged source bundles) from your contribution as well as possibly the contributions of others. The OpenLDAP Foundation will license its copyright right interests (initially likely quite limited) using the OpenLDAP Public License, and will encourage community members to license their contributions in a manner consistent with our general contribution guidelines. The OpenLDAP Public License is compatible with the 'New BSD open source license' and similar in its basic terms.

The initial COPYRIGHT file (upon acceptance and initial publication by the OpenLDAP Foundation) would be based on the COPYRIGHT file currently found in OpenLDAP Software distributions, excepting JoshuaTree Software would be named as the contributor of the materials for which the published work is derived from, and notice immediately following the Foundation's notice would be that provided by JoshauTree covering the work as contributions.

It is noted that I recently attempted to re-download the materials and they were no longer available. That fine, we'd want you to upload fresh zips to our servers once we all were ready to proceed.

Regards, Kurt

On Jul 14, 2011, at 6:51 PM, shawn.mckinney@jtstools.com wrote:

...

Full_Name: Shawn McKinney Version: All OS: All URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (99.34.198.251)

Hello,

We have created a new Identity and Access Management SDK, called Fortress, that uses Java and OpenLDAP to provide authentication, RBAC, ARBAC, password policies, auditing and more.

It has taken us 2.5 years of steady work to get it ready for this 1.0 release. This SDK has approximately 50K lines of Java code of which approximately 25K are dedicated to testing using JUnit automated tests to ensure it works correctly. There are in excess of 100 public APIs available for use. There is also a Java EE container plug-in that provides authentication and authorization services to Websphere, Tomcat and JBoss app servers in a declarative fashion.

This product has not been published and we would like to release it as one of the products under OpenLDAP family of products. The product will be released under New BSD open source license (license information is contained in the source archives on ftp server).

I have uploaded seven packages to our FTP server that contain the source, documentation and other items for you to look at.

host: jtstools.com user: jtsguest1 pw: OpenLd@p1

The packages are as follows:

Fortress Core SDK

1. source - fortressSrc-1.0.0-rc1.zip - 352K bytes
2. source - fortressTestSrc-1.0.0-rc1.zip - 159K bytes
3. tutorial/doc - fortressSamples-1.0.0-rc1.zip - 766K bytes
4. javadoc - fortressDoc-1.0.0-rc1.zip - 1.4M bytes
5. ldap (folder) - Fortress schema and OpenLDAP slapd.conf

Fortress Realm (Java EE Container plug-ins)

6. source - fortressRealmSrc-1.0.0-rc1.zip - 45K bytes
7. javadoc - fortressRealmDoc-1.0.0-rc1.zip - 76K bytes

Package 4 contains complete javadoc for the APIs.

In package 4, this link, ./fortressDoc-1.0.0-rc1/index.html, contains the overall summary of the SDK.

this link, ./oamCore/trunk/dist/docs/api/index.html, contains package descriptions along with detailed documentation describing the contents of the SDK.

What we are requesting from the OpenLDAP foundation:

1. Source code repository to host the SDK and Realm packages.
2. Bug tracking.
3. Developer and User forums.
4. Wiki (this is a nice to have)

Our goal is to run the open source project with your organization and cultivate a healthy developer and user community. We have high hopes for this product (and OpenLDAP) and consider the 2 products together as an open source alternative for IAM products that will compete with the commercial vendor offerings.

Once 1.0 is released, we will begin working on 2.0 which will include UI's to control Fortress and OpenLDAP along with a policy server to wrap the Fortress Java APIs with HTTP/REST Web APIs to make it available to all platforms.

Thanks in advance for your consideration.

Shawn McKinney JoshuaTree Software shawn.mckinney@jtstools.com