directory-commits mailing list archives

From smckin...@apache.org
Subject svn commit: r1739404 - in /directory/site/trunk/content/fortress: installation.mdtext overview.mdtext
Date Sat, 16 Apr 2016 04:39:37 GMT
Author: smckinney
Date: Sat Apr 16 04:39:37 2016
New Revision: 1739404

URL: http://svn.apache.org/viewvc?rev=1739404&view=rev
Log:
rework

Modified:
    directory/site/trunk/content/fortress/installation.mdtext
    directory/site/trunk/content/fortress/overview.mdtext

Modified: directory/site/trunk/content/fortress/installation.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/installation.mdtext?rev=1739404&r1=1739403&r2=1739404&view=diff
==============================================================================
--- directory/site/trunk/content/fortress/installation.mdtext (original)
+++ directory/site/trunk/content/fortress/installation.mdtext Sat Apr 16 04:39:37 2016
@@ -20,6 +20,9 @@ Notice: Licensed to the Apache Software
 
 These Installation guides show you how to do a base install of Fortress Core, Rest and Web
components using either ApacheDS or OpenLDAP along with Apache Tomcat:
 
-* [Installation Quickstart for ApacheDS](https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)
- shows how to install with ApacheDS.
-* [Installation Quickstart for OpenLDAP](https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)
- shows how to install with Symas OpenLDAP.
-* [Installation Guide for Preexisting OpenLDAP](https://github.com/apache/directory-fortress-core/blob/master/README.md)
- describes installation using pre-existing OpenLDAP instance (SECTION 6)
+* Install Core for use with APACHEDS - [README-QUICKSTART-APACHEDS.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)
+* Install Core for use with OPENLDAP - [README-QUICKSTART-SLAPD.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)
+* Configure Tomcat Global Security using Realm - [REALM-HOST-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md)
+* Configure Tomcat Local Security using Realm - [REALM-CONTEXT-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md)
+* Install Fortress Rest to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md)
+* Install Fortress Web to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-commander/blob/master/README-QUICKSTART.md)
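
Review bot: The six added bullets put " - " between the bracketed label and the parenthesised URL (for example `[README-QUICKSTART-APACHEDS.md] - (https://...)`), so Markdown will not render them as links the way the removed `[text](url)` bullets did; drop the separator and write `[README-QUICKSTART-APACHEDS.md](https://...)`. The Rest and Web bullets also share the label `[README-QUICKSTART.md]` although they point at different repositories (directory-fortress-enmasse and directory-fortress-commander), so the label should name the component. The removed bullet for a pre-existing OpenLDAP instance (README.md, SECTION 6) has no replacement; if that install path is still supported, keep a pointer to it.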

Modified: directory/site/trunk/content/fortress/overview.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/overview.mdtext?rev=1739404&r1=1739403&r2=1739404&view=diff
==============================================================================
--- directory/site/trunk/content/fortress/overview.mdtext (original)
+++ directory/site/trunk/content/fortress/overview.mdtext Sat Apr 16 04:39:37 2016
@@ -18,48 +18,38 @@ Notice: Licensed to the Apache Software
 
 # Fortress Overview
 
-## Rationale
+FORTRESS provides a standards-based access management system that provides role-based access
control, delegated administration and password policies APIs and servivces.  It uses LDAP
for its data storage.
 
-FORTRESS was built to the highest standards of security combined with easy installation and
ongoing maintenance.  It allows service providers to avoid vendor lock-in, high licensing
costs and steep learning curves.
+## What's in it?  
 
-This security system was designed to be deployed into a wide variety of system environments
easily. Adopters need not have expertise in Unix, LDAP or other system technologies to install,
maintain and use. The result is a high-quality, low-cost solution for identity and access
control.
+Included are the following components:
 
-## What is it?  
-
-Fortress is a standards-based and open source access management system that provides ANSI
RBAC (INCITS 359) management and enforcement capabilities. 
-
-Included in Fortress packages:
-
-* RBAC Core APIs
-* RBAC Web Management UI
-* RBAC Rest Server
-* RBAC Policy Enforcement Plug-in for Tomcat
-* Directory Services with [OpenLDAP](http://www.openldap.org) (powered w/Memory-Mapped DB)
or [ApacheDS](http://directory.apache.org)
+* Core  - Java Access Management SDK
+* Realm - Java EE security for Apache Tomcat
+* Rest  - HTTP protocol wrappers for the APIs
+* Web   - HTML pages for the APIs
 
 It is released under terms of the Apache License 2.0. 
 
-## What can it do currently?
+## How Does It Work?
+
+To learn more, check out the quickstarts:
 
-Demos outlining the capability contained within README files in root of fortress core package.

+* Install Core for use with APACHEDS - [README-QUICKSTART-APACHEDS.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)
+* Install Core for use with OPENLDAP - [README-QUICKSTART-SLAPD.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)
+* Configure Tomcat Global Security using Realm - [REALM-HOST-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md)
+* Configure Tomcat Local Security using Realm - [REALM-CONTEXT-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md)
+* Install Fortress Rest to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md)
+* Install Fortress Web to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-commander/blob/master/README-QUICKSTART.md)
 
-Features include...
+Other README's:
 
-* RBAC Management via APIs, Restful services and Web pages
-* Password Management via APIs, services and self-service Web pages
-* Interrogation of centralized audit for management and enforcement activites via APIs, services
and Web pages
-* Policy enforcement plug-ins to enforce policies in Java, Spring, Linux and Windows platforms
-* Documented Install Guide and freely available [Fortress Quickstart](quick-start.html) packages
to demonstrate all of the above
-* Multi-tenant segregation of data into directory.
-* Directory replication to satisfy mission critical requirements like high availability and
disaster recovery.
-* Documented utiliites to run Fortress functions from command line interpeter.  
-* Callback routines used to automate custom data loading requirements using the fortress
Ant XML scripting tool to facilitate bulk loading and auto installs.
-* Automatic, configurable, and extensible junit test suite to certify Fortress IAM into new
system environments.
-* Javadoc API guide 
-* Customizable Samples to show common API usages
+* How Fortress Multitenancy works - [README-MULTITENANCY.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-MULTITENANCY.md)
+* How the Fortress Config subsystem works - [README-CONFIG.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-CONFIG.md)
 
 ## What technologies at play?
 
-Fortress products run on open system hardware and software platforms supporting LDAPv3, HTTP/S
& Java technologies. Functionality that extend beyond LDAPv3 is realized via OpenLDAP/ApacheDS
specific features. With the advent of EnMasse & Commander products, [Apache Tomcat](http://tomcat).apache.org/,
or preferred Java servlet container is used to process HTTP communications between endpoints.
 Fortress provides downloadable packages called QUICKSTARTS which include instructions for
first-time install and use of these products.
+Fortress products run on open system hardware and software platforms supporting LDAPv3, HTTP/S
& Java technologies. Functionality that extend beyond LDAPv3 is realized via OpenLDAP/ApacheDS
specific features. With the advent of Rest and Web products, [Apache Tomcat](http://tomcat).apache.org/,
or preferred Java servlet container is used to process HTTP communications between endpoints.
 
 
 ## What standards apply?
 
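Review bot: The rewritten "What technologies at play?" paragraph carries over the malformed link `[Apache Tomcat](http://tomcat).apache.org/,` from the line it replaces: the closing parenthesis lands after `http://tomcat`, so the link target is wrong and `.apache.org/,` is left as stray text. Since the line is being touched anyway, change it to `[Apache Tomcat](http://tomcat.apache.org/)`. In the new opening sentence, "servivces" should be "services", and "provides ... that provides" repeats itself. The quickstart and "Other README's" bullets use the `[label] - (url)` form, which will not render as Markdown links.
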
@@ -67,17 +57,17 @@ The following technology standards are a
 
 ### ANSI Role-Based Access Control (INCITS 359) 
 
-There is more to compliance than assigning users to groups and applying ACL policies within
directories or databases.  [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
systems provide selective Role activation/deactivation, role hierarchies, and constraints
over separation of duty.  The [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
component provides APIs to add, update, delete, and search the directory data.  Fortress provides
everything that is needed to exploit the full power of this ANSI specification.
+There is more to RBAC than assigning users to groups and applying ACL policies within directories
or databases.  [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
systems provide selective Role activation/deactivation, role hierarchies, and constraints
over separation of duty.  The [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
component provides APIs to add, update, delete, and search the directory data
 
 More info can be found on [Intro to ANSI RBAC Page](user-guide/1-intro-rbac.html)
 
 ### [Java EE Platform](http://java.net/projects/javaee-spec/pages/Home) (tm) Security
 
-Used for SSL, X.509 mutual authentication, form-based container authentication, coarse-grained
authorization, SSO and more.  Works within compliant Java Web apps like EnMasse policy server.
 Java EE security is good because its declarative controls keep the development and integration
costs low.  At the same time, it provides adequate network system security and the business
apps run fast due to caching maintained within the app server container.  This reduces costs
because of fewer round-trips between the application and policy servers.
+Used for SSL, X.509 mutual authentication, form-based container authentication, authorization
and SSO.  Works within compliant Java Web apps like Fortress Rest and Web.  
 
 ### Administrative Role-Based Access Control ([ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf))
 
-The ARBAC model explains how [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
can be extended with organizational controls to govern policies regarding the security administration
process. ARBAC helps by allowing administrative tasks be delegated to end users who fall outside
typical datacenter operations.  Cost savings is realized through lower overhead due to delegation
while at same time maintaining a firm grip on compliance.
+The ARBAC model explains how [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
can be extended with organizational controls to govern policies regarding the security administration
process. ARBAC helps by allowing administrative tasks be delegated to end users who fall outside
typical datacenter operations. 
 
 ### IETF Password Policies
 
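Review bot: In the Java EE Platform Security paragraph, the replacement changes "coarse-grained authorization" to plain "authorization". The removed wording told the reader what level of authorization the container gives them, and that distinction matters next to the RBAC checks described above it; keep the qualifier unless the claim itself has changed. The new RBAC paragraph also ends at "search the directory data" with no closing period now that its final sentence has been dropped.
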
@@ -85,7 +75,7 @@ OpenLDAP has supported this draft since
 
 ### Auditing
 
-Fortress audits use OpenLDAP's slapd access log overlay.  This extended capability stores
history of slapd events which are needed for replication.  The events are persisted in OpenLDAP's
back-end database, called the [Lightning Memory-Mapped DB](http://www.openldap.org/pub/hyc/mdm-paper.pdf),
or in ApacheDS.
+Fortress audits use OpenLDAP's slapd access log overlay.
 
 The Fortress audits rely on slapd events to track its data exchanges performed within its
own APIs.  Change event tracking includes adds, updates, and deletes of Fortress entities.
 Read and search events tracked include user authentication, authorization, and policy interrogations.
 Full historical data change tracking is maintained and may be searched later with APIs to
be used for monitoring, reporting, and undo. The log may be retrieved later to synch with
outside database for long-term regulatory and compliance concerns.  
 
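Review bot: The replacement sentence names only OpenLDAP's slapd access log overlay, and the removed text was the only place in this hunk that mentioned ApacheDS ("or in ApacheDS"). The installation page changed in this same commit offers an ApacheDS quickstart, so state explicitly whether auditing is available when Fortress runs on ApacheDS rather than leaving it to be inferred. The new one-line paragraph also overlaps with the opening of the next one ("The Fortress audits rely on slapd events"); consider merging the two.
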
@@ -99,26 +89,34 @@ One day.
 
 ## What security services are available?
 
-Over one hundred services divided across the Manager components.  Some of them (Access, Admin
and Review) map back to [ANSI RBAC functional specifications](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf).
 Others (DelAccess, DelAdmin, DelReview) are for the [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf)
model which help manage admnistrative burden for large enterprises.  
+Over one hundred services divided across the Manager components.
+
+A description of the managers follow with their javadoc links...
+
+RBAC
+* Performs runtime access control operations on objects that are provisioned RBAC entities
that reside in LDAP directory. - [AccessMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AccessMgr.html)
+* Performs administrative functions to provision Fortress RBAC entities into the LDAP directory.
- [AdminMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AdminMgr.html)
+* The review functions on RBAC entities in LDAP. - [ReviewMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ReviewMgr.html)
+
+ARBAC:
+* Runtime delegated access control operations on objects that are provisioned Fortress ARBAC
entities that reside in LDAP. - [DelAccessMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAccessMgr.html)
+* Policy administration of Fortress ARBAC entities in LDAP. - [DelAdminMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAdminMgr.html)
+* Policy review ops of ARBAC entities in LDAP. - [DelReviewMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelReviewMgr.html)
 
-Each manager component defined below has a specific purpose and contains a collection of
related functions to control the Fortress Entities as they pass through its particular area
of the identity lifecycle.  Of late the APIs have been wrapped with REST by En Masse Policy
Server.  This allows Fortress functionality to be accessed over HTTP protocol using an XML
message format.
+PW Policies:
+* Used to perform admin and review functions on the PWPOLICIES data sets. - [PwPolicyMgr.html]
- (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/PwPolicyMgr.html)
 
-A description of the managers follow...
+Audit
+* Methods used to search OpenLDAP's slapd access log for fortress events. - [AuditMgr.html]
- (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AuditMgr.html)
 
-* AccessMgr - This object performs runtime access control operations on objects that are
provisioned [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
entities that reside in LDAP directory to maintain policy enforcement.
-* AdminMgr - This object performs administrative functions to provision Fortress RBAC entities
into the LDAP directory.  Can be used to build custom application and UIs.
-* AuditMgr - This interface prescribes methods used to search OpenLDAP's slapd access log
that contains an audit trail of entity operational state to maintain and verify compliance.
-* DelAcessMgr - This interface prescribes the API for performing runtime delegated access
control operations on objects that are provisioned Fortress [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf)
entities that reside in LDAP directory to maintain policy enforcement.
-* DelAdminMgr - This class prescribes the [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf)
DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities
that reside in LDAP directory.  Can be used to build custom security application and UIs.
-* DelReviewMgr - This class prescribes the [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf)
DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf)
entities that reside in LDAP directory to maintain and verify compliance.
-* PswdPolicyMgr - This object adheres to [IETF PW policy draft](http://tools.ietf.org/html/draft-behera-ldap-password-policy-10)
and is used to perform administrative and review functions on the PWPOLICIES and USERS data
sets within Fortress.
-* ReviewMgr - This interface prescribes the administrative review functions on already provisioned
Fortress [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf)
entities that reside in LDAP directory to maintain and verify compliance.
+Config
+* CRUD methods used to manage properties stored within LDAP. - [ConfigMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ConfigMgr.html)
 
 ## Where is it?
 
 Source is managed by Apache's GIT repo:
 
-* [Fortress Core](https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git) -
RBAC SDK
-* [Fortress Web](https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git)
- RBAC Web Management UI
-* [Fortress Rest](https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git)
- RBAC REST Server
-* [Fortress Realm](https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git)
- RBAC Policy Enforcement Plug-in for Tomcat
+* [Fortress Core](https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git)
+* [Fortress Web](https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git)
+* [Fortress Rest](https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git)
+* [Fortress Realm](https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git)
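
Review bot: The new group labels are followed directly by their `*` items with no blank line in between (`RBAC` then `* Performs runtime access control ...`), and some Markdown renderers will fold those items into the label's paragraph instead of starting a list; add a blank line after each label. The labels are also inconsistent: `ARBAC:` and `PW Policies:` carry a colon, while `RBAC`, `Audit` and `Config` do not. The rewritten bullets no longer lead with the manager name, which now survives only inside text such as `[AccessMgr.html] - (url)`, and that form will not render as a link; leading each bullet with the name as a proper `[AccessMgr](url)` link would keep the list scannable. "A description of the managers follow" should read "follows".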


