On Apr 19, 2016, at 16:34:27,Achilleas Mantzios wrote:
I admit I haven’t done my homework regarding the standards (the literature is just huge), maybe I was hasty in using the term RBAC above, but anyway what does Fortress/RBAC give out of the box that our solution wouldn’t, I mean you wouldn’t mind giving a very rough overview ?
Not knowing what your solution provides it's not possible for me to give you a comparison and in any case that’s a question for you to decide.
If you want to understand fortress, first understand its apis, there are links to javadoc descs at the bottom of this page:
https://directory.apache.org/fortress/overview.html
If after that you are still interested, checkout the tutorials:
- http://github.com/shawnmckinney/apache-fortress-demo - http://github.com/shawnmckinney/role-engineering-sample - http://github.com/shawnmckinney/wicket-sample - http://github.com/shawnmckinney/fortress-saml-demo
or some of the collateral that is here:
- http://iamfortress.net/2015/06/11/what-is-delegated-administration/ - http://iamfortress.net/2015/03/13/enabling-java-ee-and-fortress-security-ins... - http://iamfortress.net/2015/03/05/the-seven-steps-of-role-engineering/ - http://iamfortress.net/2015/02/16/apache-fortress-end-to-end-security-tutori... - http://iamfortress.net/2014/11/24/using-role-for-access-control-is-not-rbac/
Shawn
On 19/04/2016 19:22, Shawn McKinney wrote:
On Apr 19, 2016, at 16:34:27,Achilleas Mantzios wrote:
I admit I haven’t done my homework regarding the standards (the literature is just huge), maybe I was hasty in using the term RBAC above, but anyway what does Fortress/RBAC give out of the box that our solution wouldn’t, I mean you wouldn’t mind giving a very rough overview ?
Not knowing what your solution provides it's not possible for me to give you a comparison and in any case that’s a question for you to decide.
Hello Shawn, nice seeing you again! We had talked back in 2014, but didn't have a chance to move on with our goals back then. Let me repeat our needs, having to do mostly with SOX compliance :
/"// //we have an inhouse application running on Java EE, which we have been developing for the last 16 years. We use mostly classic form-based j2ee declarative security. We have been using IBM Lotus Notes Domino Server and its bundled LDAP server, by writing our own login module for Jboss. But lotus's LDAP is of limited potential. Now we need to have the following features :// //- support password strength and also communicate relevant error codes/messages back to the calling client (e.g. jboss login module)// //- handle correctly while in period of passwd expiration warning (error codes/messages)// //- handle correctly after period of passwd expiration, but within the grace limit (error codes/messages)// //- support password history (error codes/messages)// //- handle correctly after period of passwd expiration, and also after grace limit (error codes/messages)// //- account explicitly locked (error codes/messages)// //- handle //pwdMustChange & pwdReset //(error codes/messages)// //- account explicitly locked after //pwdMaxFailure //(error codes/messages)// //"// /
If you want to understand fortress, first understand its apis, there are links to javadoc descs at the bottom of this page:
https://directory.apache.org/fortress/overview.html
If after that you are still interested, checkout the tutorials:
- http://github.com/shawnmckinney/apache-fortress-demo
- http://github.com/shawnmckinney/role-engineering-sample
- http://github.com/shawnmckinney/wicket-sample
- http://github.com/shawnmckinney/fortress-saml-demo
or some of the collateral that is here:
- http://iamfortress.net/2015/06/11/what-is-delegated-administration/
- http://iamfortress.net/2015/03/13/enabling-java-ee-and-fortress-security-ins...
- http://iamfortress.net/2015/03/05/the-seven-steps-of-role-engineering/
- http://iamfortress.net/2015/02/16/apache-fortress-end-to-end-security-tutori...
- http://iamfortress.net/2014/11/24/using-role-for-access-control-is-not-rbac/
Thanks, I surely must read those.
Shawn
openldap-technical@openldap.org
-
Achilleas Mantzios -
Shawn McKinney