Return-Path: X-Original-To: apmail-directory-dev-archive@www.apache.org Delivered-To: apmail-directory-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9B77F17A98 for ; Fri, 23 Jan 2015 15:57:33 +0000 (UTC) Received: (qmail 91188 invoked by uid 500); 23 Jan 2015 15:57:33 -0000 Delivered-To: apmail-directory-dev-archive@directory.apache.org Received: (qmail 91134 invoked by uid 500); 23 Jan 2015 15:57:33 -0000 Mailing-List: contact dev-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Apache Directory Developers List" Delivered-To: mailing list dev@directory.apache.org Received: (qmail 91124 invoked by uid 99); 23 Jan 2015 15:57:33 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2015 15:57:33 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=RCVD_IN_DNSWL_NONE X-Spam-Check-By: apache.org Received-SPF: error (athena.apache.org: local policy) Received: from [216.109.114.113] (HELO nm4-vm2.access.bullet.mail.bf1.yahoo.com) (216.109.114.113) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Jan 2015 15:57:28 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1422028607; bh=FS6FU3437uT9opa8wi80kg/W1VKBCEh47nfPvSN4r6Q=; h=Date:From:To:Subject:References:In-Reply-To:From:Subject; b=YaEPfbHVd1tYqCzMMTqZogOnw9xw6yrnam3E0RK/4tqvypUDvrdznSgMcEZf1+ftZ3UhA9fpF98w5pHBC/e/WMBqopWzeWtNy9GG37InaPRbq5KkMXawcKPJOAlKv+PuRKpvT9d0QZmFzPXs0+1Thz6ywctxX1WmQxz+WfKFgGCRIRRw0P6Pkt1u1Nf/bQ6ucNj4SjrP2U7kL9IB7WFAh/DakOM8+/ZUugNX/fVnltWcQ+xE5zdX60E37r7i6B3FVei2SbqVy6CUuXwrIYRCkaGFM5w/4cuODU3TAfavcsbTd2HSKXEq2L6lcD2No6o+Z1z2uTk4vcKxVBtKugnPJw== Received: from [66.196.81.162] by nm4.access.bullet.mail.bf1.yahoo.com with NNFMP; 23 Jan 2015 15:56:47 -0000 Received: from [98.138.226.242] by tm8.access.bullet.mail.bf1.yahoo.com with NNFMP; 23 Jan 2015 15:56:47 -0000 Received: from [127.0.0.1] by smtp113.sbc.mail.ne1.yahoo.com with NNFMP; 23 Jan 2015 15:56:47 -0000 X-Yahoo-Newman-Id: 149287.77945.bm@smtp113.sbc.mail.ne1.yahoo.com X-Yahoo-Newman-Property: ymail-3 X-YMail-OSG: 4Zgyx2IVM1k.OYlmwvtlBbXcsgEneslCzmek7V05GZbTCLk NkfsIFhf2haBG1nR8aJ6HgV9rjCR9Yxi8.pGJa9V0VtgVmktngsffaj_VpUZ wBvq5Bun_2eHM5S6KkdWUN1hW6n86B8hHTZkHVg6CkP6Zq6EBHss0_KAJbTA 2YTUv0.RyTqH2nDfg3NDqO8xtErVf1fsO5qfZP9qQZHRxlKpxNmmIXAT.LYR 2Ib7hwG90ihdhOiBUSPecqyd6OJyhkukQDcfXOFTwC.D5ngoqKebw5.po4Ny QgiVTY5iGmkRa4_vrgLDeE9.Rqy5KO6BvHxmKjcVPvRazXi1e95JzwMELJtF XgaSYjuKeQ0QFQRRdooag9uxxCRxqe1bhZyGDJgFLFv.IY1ou7P9fKd0lB6s XSchHclfXZIjiwvzTWAMBRNHmPkdM5FuBbNOjYh4NAozvm6.IG.w.o5.N7Nn tiMstp482l9KLfV6.QLc7W2YluiBKoEbXmWu4kL754wSiD2xnfjtlwE36q.1 fmg9mAwSsOsfhOYC_ALwSKpwZdhlLar0gnj8UKoVa6Ce31dTYTOv9x8AN91V AuMS.j5d.q7ZROAms7URzKYS5fgFbDaxUWs4l7k8sH6vLqJ.5qpvUKQNR0Jt uiUkXWe_lzCL7.Bx48rMkxgZoi_XMJgFDzhA47liG.fDMMV8IY3LdBS1_goy 6umJqXy9dc_aE7iXlt73GF8vxGLJ.rQPGXXTsfHMzYO95.511QITAI4HQLak fdQ-- X-Yahoo-SMTP: RYUQWbmswBBpo0T3C6Zz5tVI.B.MFoe0x7ECVSgYLas1TQ-- Message-ID: <54C26F34.5070903@apache.org> Date: Fri, 23 Jan 2015 09:56:36 -0600 From: Shawn McKinney User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0 MIME-Version: 1.0 To: dev@directory.apache.org Subject: Re: Apache Directory & Apachecon US 2015 Austin References: In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Virus-Checked: Checked by ClamAV on apache.org Hello! I have submitted the following proposals for talks to ApacheCon North America: 1. The Anatomy of a Secure Web application using Apache Fortress - http://events.linuxfoundation.org/cfp/proposals/4828/4076 Although the Java EE architecture provides the necessary enablement, most developers do not have the time or the training to take full advantage of all the available tools. This technical session describes and demos an end-to-end application security architecture using Apache Wicket and Fortress. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality with Java EE security. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications. 2. RBAC enable your Java Web apps using Apache Directory and Fortress - http://events.linuxfoundation.org/cfp/proposals/4828/4078 Fortress has recently been added as sub-project to the Apache Directory project. This session will provide an overview of the project and its roadmap. 3. Using Roles for Access Control is not Role-Based Access Control - http://events.linuxfoundation.org/cfp/proposals/4828/4077 Misnomers abound as to what constitutes a working role-based access control (RBAC) system. With ANSI RBAC, groups are not roles and resource connections are not sessions. This presentation explains what ANSI RBAC is and how it can be applied. It dispels long-standing myths. Additionally you’ll receive tips on how to implement a successful RBAC program using well-established best practices. The session also introduces you to Apache Fortress, a fully compliant RBAC implementation. 4. The Case for RBAC Standardization in the Directory - http://events.linuxfoundation.org/cfp/proposals/4828/4079 Discussion about efforts to standardize the RBAC protocol in the directory. The standardization covers two broad areas: 1. A standard LDAP schema for RBAC 2. A standard LDAP protocol for RBAC Topics of discussion include the status, rationale and technical details of these standardization efforts. Any comments welcome. Cheers, Shawn On 12/28/2014 05:35 AM, Pierre Smits wrote: > Hi All, > > Our talks held at Apachecon US 2014 in Budapest, on the various subjects related to our projects and its products, were a huge success: I experienced packed rooms while Emmanuel and Shawn shared their insights and experiences. This truly shows that we don't just do our contributions for ourselves, but that our solutions are in demand and that people are interested in how we do things in our project. > > The talks held were: > > * RBAC Authorization with Apache Directory Server and Fortress > * LDAP Testing: Does it have to be a Nightmare? > > As has been anounced by the board, we have a new opportunity to promote our project, our solutions and our viewpoints on the various aspects of Identity & Role Management, Authentication & Authorisation, the progress in our sub projects and directions for the future (and more) at the upcoming Apachecon US 2015 event. This event will be held on the North American continent in Austin, Texas, USA from April 13th till April 17th, with conferences during the first 3 days. > > So I start this thread to investigate whether there is an interest to participate and hold talks again at the upcoming event. Think about: > > * The state of the project > * How our product X enables/supports company 1 > * How our product X enhances product Y > * etc. > > What do you think? > I am sure that the greater subject of "User, Role, Identity Enablement & Control" can spawn a lot of (suggestions or ideas of) talks. > > To give you a heads up on the upcoming event, I list some reference pages below: > > * http://wiki.apache.org/apachecon/FrontPage > * http://wiki.apache.org/apachecon/ACNA2015ContentCommittee > > > Best regards, > Pierre Smits > > *ORRTIZ.COM * > Services & Solutions for Cloud- > Based Manufacturing, Professional > Services and Retail & Trade > http://www.orrtiz.com