directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shawn McKinney <>
Subject Re: Apache Directory & Apachecon US 2015 Austin
Date Fri, 23 Jan 2015 15:56:36 GMT

I have submitted the following proposals for talks to ApacheCon North America:

1. The Anatomy of a Secure Web application using Apache Fortress -

Although the Java EE architecture provides the necessary enablement, most developers do not
have the time or the training to take full advantage of all the available tools. This technical
session describes and demos an end-to-end application security architecture using Apache Wicket
and Fortress. It includes practical, hands-on guidance to properly implementing authentication,
authorization, and confidentiality with Java EE security. In addition to finding out where
the security controls must be placed and why, attendees will be provided with code they can
use to kick-start their own highly secure Java web applications.

2. RBAC enable your Java Web apps using Apache Directory and Fortress -

Fortress has recently been added as sub-project to the Apache Directory project. This session
will provide an overview of the project and its roadmap.

3. Using Roles for Access Control is not Role-Based Access Control -

Misnomers abound as to what constitutes a working role-based access control (RBAC) system.
With ANSI RBAC, groups are not roles and resource connections are not sessions. This presentation
explains what ANSI RBAC is and how it can be applied. It dispels long-standing myths. Additionally
you’ll receive tips on how to implement a successful RBAC program using well-established
best practices. The session also introduces you to Apache Fortress, a fully compliant RBAC

4. The Case for RBAC Standardization in the Directory -

Discussion about efforts to standardize the RBAC protocol in the directory.  The standardization
covers two broad areas:

1. A standard LDAP schema for RBAC
2. A standard LDAP protocol for RBAC

Topics of discussion include the status, rationale and technical details of these standardization

Any comments welcome.



On 12/28/2014 05:35 AM, Pierre Smits wrote:
> Hi All,
> Our talks held at Apachecon US 2014 in Budapest, on the various subjects related to our
projects and its products, were a huge success: I experienced packed rooms while Emmanuel
and Shawn shared their insights and experiences. This truly shows that we don't just do our
contributions for ourselves, but that our solutions are in demand and that people are interested
in how we do things in our project. 
> The talks held were:
>   * RBAC Authorization with Apache Directory Server and Fortress
>   * LDAP Testing: Does it have to be a Nightmare?
> As has been anounced by the board, we have a new opportunity to promote our project,
our solutions and our viewpoints on the various aspects of Identity & Role Management,
Authentication & Authorisation, the progress in our sub projects and directions for the
future (and more) at the upcoming Apachecon US 2015 event. This event will be held on the
North American continent in Austin, Texas, USA from April 13th till April 17th, with conferences
during the first 3 days.
> So I start this thread to investigate whether there is an interest to participate and
hold talks again at the upcoming event. Think about:
>   * The state of the project
>   * How our product X enables/supports company 1
>   * How our product X enhances product Y
>   * etc.
> What do you think?
> I am sure that the greater subject of "User, Role, Identity Enablement & Control"
can spawn a lot of (suggestions or ideas of) talks.
> To give you a heads up on the upcoming event, I list some reference pages below:
>   *
>   *
> Best regards,
> Pierre Smits
> Services & Solutions for Cloud-
> Based Manufacturing, Professional
> Services and Retail & Trade
> <>

View raw message