directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r941663 - in /websites/staging/directory/trunk/content: ./ fortress/overview.html
Date Fri, 27 Feb 2015 15:32:23 GMT
Author: buildbot
Date: Fri Feb 27 15:32:23 2015
New Revision: 941663

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/fortress/overview.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Feb 27 15:32:23 2015
@@ -1 +1 @@
-1662724
+1662725

Modified: websites/staging/directory/trunk/content/fortress/overview.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/overview.html (original)
+++ websites/staging/directory/trunk/content/fortress/overview.html Fri Feb 27 15:32:23 2015
@@ -169,8 +169,8 @@
 <ul>
 <li>RBAC Core APIs</li>
 <li>RBAC Web Management UI</li>
-<li>RBAC Web Policy Server</li>
-<li>RBAC Policy Enforcement</li>
+<li>RBAC Rest Server</li>
+<li>RBAC Policy Enforcement Plug-in for Tomcat</li>
 <li>Directory Services with <a href="http://www.openldap.org">OpenLDAP</a>
(powered w/Memory-Mapped DB) or <a href="http://directory.apache.org">ApacheDS</a></li>
 </ul>
 <p>It is released under terms of the Apache License 2.0. </p>
@@ -178,7 +178,7 @@
 <p>A demo outlining this capability using embedded Apache Tomcat Server and Realm RBAC
Policy Enforcement contained within QUICKSTART packages. </p>
 <p>Features include...</p>
 <ul>
-<li>RBAC Management via APIs, services and Web pages</li>
+<li>RBAC Management via APIs, Restful services and Web pages</li>
 <li>Password Management via APIs, services and self-service Web pages</li>
 <li>Interrogation of centralized audit for management and enforcement activites via
APIs, services and Web pages</li>
 <li>Policy enforcement plug-ins to enforce policies in Java, Spring, Linux and Windows
platforms</li>
@@ -207,18 +207,10 @@
 <h3 id="auditing">Auditing</h3>
 <p>Fortress audits use OpenLDAP's slapd access log overlay.  This extended capability
stores history of slapd events which are needed for replication.  The events are persisted
in OpenLDAP's back-end database, called the <a href="http://www.openldap.org/pub/hyc/mdm-paper.pdf">Lightning
Memory-Mapped DB</a>, or in ApacheDS.</p>
 <p>The Fortress audits rely on slapd events to track its data exchanges performed within
its own APIs.  Change event tracking includes adds, updates, and deletes of Fortress entities.
 Read and search events tracked include user authentication, authorization, and policy interrogations.
 Full historical data change tracking is maintained and may be searched later with APIs to
be used for monitoring, reporting, and undo. The log may be retrieved later to synch with
outside database for long-term regulatory and compliance concerns.  </p>
-<p>Fortress will soon use its audit trail for <em>adaptive authorization</em>
to stop bad things before they happen.  For example...</p>
-<ul>
-<li>If there have been more than 1,000 authentication failures during the last 60 seconds,
notify members of the support center.  Give them a chance to sort it all out. </li>
-<li>If a particular user has failed more than three <em>authorizations</em>
during the last 5 minutes, bar access for 20 minutes.  Send email to supervisor and business
manager over the web resources.</li>
-<li>If customer withdrawls more than 5,000 pounds in 24 hours, deny further withdrawl
for duration of one day. Send notification to customer's email address.</li>
-<li>If more than 1,000,000 Euros are traded within the portfolio of any one trader
or group of traders, during any 4 hour period, prevent further trading until manual unlock
performed by risk management group.</li>
-<li>etc...</li>
-</ul>
 <h3 id="temporal-constraints">Temporal Constraints</h3>
 <p>The Fortress Temporal model allows Users and Roles to carry time and date Constraints
which govern when activations may occur. Role constraints are checked on every call into Fortress.
 The user constraint applied only at session creation.</p>
 <h3 id="ansi-rbac-policy-enhanced-incits-494-2012">ANSI RBAC Policy-Enhanced (INCITS-494-2012)</h3>
-<p>Not yet.</p>
+<p>One day.</p>
 <h2 id="what-security-services-are-available">What security services are available?</h2>
 <p>Over one hundred services divided across the Manager components.  Some of them (Access,
Admin and Review) map back to <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">ANSI
RBAC functional specifications</a>.  Others (DelAccess, DelAdmin, DelReview) are for
the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> model
which help manage admnistrative burden for large enterprises.  </p>
 <p>Each manager component defined below has a specific purpose and contains a collection
of related functions to control the Fortress Entities as they pass through its particular
area of the identity lifecycle.  Of late the APIs have been wrapped with REST by En Masse
Policy Server.  This allows Fortress functionality to be accessed over HTTP protocol using
an XML message format.</p>
@@ -239,7 +231,7 @@
 <li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git">Fortress
Core</a> - RBAC SDK</li>
 <li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git">Fortress
Web</a> - RBAC Web Management UI</li>
 <li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git">Fortress
Rest</a> - RBAC REST Server</li>
-<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git">Fortress
Realm</a> - RBAC Policy Enforcement Plugin for Tomcat</li>
+<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git">Fortress
Realm</a> - RBAC Policy Enforcement Plug-in for Tomcat</li>
 </ul>
 <h2 id="what-are-the-conditions">What are the conditions?</h2>
 <p>This software development toolkit is open source, thus free to use and distribute
under terms of the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License
2.0</a>.  It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a>
and <a href="http://www.centos.org/">Centos</a> and was helped along by the following
open source products:</p>



Mime
View raw message