You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by bu...@apache.org on 2016/04/16 06:39:54 UTC
svn commit: r985790 - in /websites/staging/directory/trunk/content: ./
fortress/installation.html fortress/overview.html
Author: buildbot
Date: Sat Apr 16 04:39:54 2016
New Revision: 985790
Log:
Staging update by buildbot for directory
Modified:
websites/staging/directory/trunk/content/ (props changed)
websites/staging/directory/trunk/content/fortress/installation.html
websites/staging/directory/trunk/content/fortress/overview.html
Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Apr 16 04:39:54 2016
@@ -1 +1 @@
-1739335
+1739404
Modified: websites/staging/directory/trunk/content/fortress/installation.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/installation.html (original)
+++ websites/staging/directory/trunk/content/fortress/installation.html Sat Apr 16 04:39:54 2016
@@ -170,9 +170,12 @@ h2:hover > .headerlink, h3:hover > .head
<h1 id="installation-guides">Installation guides<a class="headerlink" href="#installation-guides" title="Permanent link">¶</a></h1>
<p>These Installation guides show you how to do a base install of Fortress Core, Rest and Web components using either ApacheDS or OpenLDAP along with Apache Tomcat:</p>
<ul>
-<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md">Installation Quickstart for ApacheDS</a> - shows how to install with ApacheDS.</li>
-<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md">Installation Quickstart for OpenLDAP</a> - shows how to install with Symas OpenLDAP.</li>
-<li><a href="https://github.com/apache/directory-fortress-core/blob/master/README.md">Installation Guide for Preexisting OpenLDAP</a> - describes installation using pre-existing OpenLDAP instance (SECTION 6)</li>
+<li>Install Core for use with APACHEDS - [README-QUICKSTART-APACHEDS.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)</li>
+<li>Install Core for use with OPENLDAP - [README-QUICKSTART-SLAPD.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)</li>
+<li>Configure Tomcat Global Security using Realm - [REALM-HOST-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md)</li>
+<li>Configure Tomcat Local Security using Realm - [REALM-CONTEXT-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md)</li>
+<li>Install Fortress Rest to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md)</li>
+<li>Install Fortress Web to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-commander/blob/master/README-QUICKSTART.md)</li>
</ul>
Modified: websites/staging/directory/trunk/content/fortress/overview.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/overview.html (original)
+++ websites/staging/directory/trunk/content/fortress/overview.html Sat Apr 16 04:39:54 2016
@@ -168,78 +168,75 @@
}
h2:hover > .headerlink, h3:hover > .headerlink, h1:hover > .headerlink, h6:hover > .headerlink, h4:hover > .headerlink, h5:hover > .headerlink, dt:hover > .elementid-permalink { visibility: visible }</style>
<h1 id="fortress-overview">Fortress Overview<a class="headerlink" href="#fortress-overview" title="Permanent link">¶</a></h1>
-<h2 id="rationale">Rationale<a class="headerlink" href="#rationale" title="Permanent link">¶</a></h2>
-<p>FORTRESS was built to the highest standards of security combined with easy installation and ongoing maintenance. It allows service providers to avoid vendor lock-in, high licensing costs and steep learning curves.</p>
-<p>This security system was designed to be deployed into a wide variety of system environments easily. Adopters need not have expertise in Unix, LDAP or other system technologies to install, maintain and use. The result is a high-quality, low-cost solution for identity and access control.</p>
-<h2 id="what-is-it">What is it?<a class="headerlink" href="#what-is-it" title="Permanent link">¶</a></h2>
-<p>Fortress is a standards-based and open source access management system that provides ANSI RBAC (INCITS 359) management and enforcement capabilities. </p>
-<p>Included in Fortress packages:</p>
+<p>FORTRESS provides a standards-based access management system that provides role-based access control, delegated administration and password policies APIs and servivces. It uses LDAP for its data storage.</p>
+<h2 id="whats-in-it">What's in it?<a class="headerlink" href="#whats-in-it" title="Permanent link">¶</a></h2>
+<p>Included are the following components:</p>
<ul>
-<li>RBAC Core APIs</li>
-<li>RBAC Web Management UI</li>
-<li>RBAC Rest Server</li>
-<li>RBAC Policy Enforcement Plug-in for Tomcat</li>
-<li>Directory Services with <a href="http://www.openldap.org">OpenLDAP</a> (powered w/Memory-Mapped DB) or <a href="http://directory.apache.org">ApacheDS</a></li>
+<li>Core - Java Access Management SDK</li>
+<li>Realm - Java EE security for Apache Tomcat</li>
+<li>Rest - HTTP protocol wrappers for the APIs</li>
+<li>Web - HTML pages for the APIs</li>
</ul>
<p>It is released under terms of the Apache License 2.0. </p>
-<h2 id="what-can-it-do-currently">What can it do currently?<a class="headerlink" href="#what-can-it-do-currently" title="Permanent link">¶</a></h2>
-<p>Demos outlining the capability contained within README files in root of fortress core package. </p>
-<p>Features include...</p>
+<h2 id="how-does-it-work">How Does It Work?<a class="headerlink" href="#how-does-it-work" title="Permanent link">¶</a></h2>
+<p>To learn more, check out the quickstarts:</p>
<ul>
-<li>RBAC Management via APIs, Restful services and Web pages</li>
-<li>Password Management via APIs, services and self-service Web pages</li>
-<li>Interrogation of centralized audit for management and enforcement activites via APIs, services and Web pages</li>
-<li>Policy enforcement plug-ins to enforce policies in Java, Spring, Linux and Windows platforms</li>
-<li>Documented Install Guide and freely available <a href="quick-start.html">Fortress Quickstart</a> packages to demonstrate all of the above</li>
-<li>Multi-tenant segregation of data into directory.</li>
-<li>Directory replication to satisfy mission critical requirements like high availability and disaster recovery.</li>
-<li>Documented utiliites to run Fortress functions from command line interpeter. </li>
-<li>Callback routines used to automate custom data loading requirements using the fortress Ant XML scripting tool to facilitate bulk loading and auto installs.</li>
-<li>Automatic, configurable, and extensible junit test suite to certify Fortress IAM into new system environments.</li>
-<li>Javadoc API guide </li>
-<li>Customizable Samples to show common API usages</li>
+<li>Install Core for use with APACHEDS - [README-QUICKSTART-APACHEDS.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)</li>
+<li>Install Core for use with OPENLDAP - [README-QUICKSTART-SLAPD.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)</li>
+<li>Configure Tomcat Global Security using Realm - [REALM-HOST-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md)</li>
+<li>Configure Tomcat Local Security using Realm - [REALM-CONTEXT-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md)</li>
+<li>Install Fortress Rest to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md)</li>
+<li>Install Fortress Web to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-commander/blob/master/README-QUICKSTART.md)</li>
+</ul>
+<p>Other README's:</p>
+<ul>
+<li>How Fortress Multitenancy works - [README-MULTITENANCY.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-MULTITENANCY.md)</li>
+<li>How the Fortress Config subsystem works - [README-CONFIG.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-CONFIG.md)</li>
</ul>
<h2 id="what-technologies-at-play">What technologies at play?<a class="headerlink" href="#what-technologies-at-play" title="Permanent link">¶</a></h2>
-<p>Fortress products run on open system hardware and software platforms supporting LDAPv3, HTTP/S & Java technologies. Functionality that extend beyond LDAPv3 is realized via OpenLDAP/ApacheDS specific features. With the advent of EnMasse & Commander products, <a href="http://tomcat">Apache Tomcat</a>.apache.org/, or preferred Java servlet container is used to process HTTP communications between endpoints. Fortress provides downloadable packages called QUICKSTARTS which include instructions for first-time install and use of these products.</p>
+<p>Fortress products run on open system hardware and software platforms supporting LDAPv3, HTTP/S & Java technologies. Functionality that extend beyond LDAPv3 is realized via OpenLDAP/ApacheDS specific features. With the advent of Rest and Web products, <a href="http://tomcat">Apache Tomcat</a>.apache.org/, or preferred Java servlet container is used to process HTTP communications between endpoints. </p>
<h2 id="what-standards-apply">What standards apply?<a class="headerlink" href="#what-standards-apply" title="Permanent link">¶</a></h2>
<p>The following technology standards are applied within Fortress...</p>
<h3 id="ansi-role-based-access-control-incits-359">ANSI Role-Based Access Control (INCITS 359)<a class="headerlink" href="#ansi-role-based-access-control-incits-359" title="Permanent link">¶</a></h3>
-<p>There is more to compliance than assigning users to groups and applying ACL policies within directories or databases. <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> systems provide selective Role activation/deactivation, role hierarchies, and constraints over separation of duty. The <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> component provides APIs to add, update, delete, and search the directory data. Fortress provides everything that is needed to exploit the full power of this ANSI specification.</p>
+<p>There is more to RBAC than assigning users to groups and applying ACL policies within directories or databases. <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> systems provide selective Role activation/deactivation, role hierarchies, and constraints over separation of duty. The <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> component provides APIs to add, update, delete, and search the directory data</p>
<p>More info can be found on <a href="user-guide/1-intro-rbac.html">Intro to ANSI RBAC Page</a></p>
<h3 id="java-ee-platform-tm-security"><a href="http://java.net/projects/javaee-spec/pages/Home">Java EE Platform</a> (tm) Security<a class="headerlink" href="#java-ee-platform-tm-security" title="Permanent link">¶</a></h3>
-<p>Used for SSL, X.509 mutual authentication, form-based container authentication, coarse-grained authorization, SSO and more. Works within compliant Java Web apps like EnMasse policy server. Java EE security is good because its declarative controls keep the development and integration costs low. At the same time, it provides adequate network system security and the business apps run fast due to caching maintained within the app server container. This reduces costs because of fewer round-trips between the application and policy servers.</p>
+<p>Used for SSL, X.509 mutual authentication, form-based container authentication, authorization and SSO. Works within compliant Java Web apps like Fortress Rest and Web. </p>
<h3 id="administrative-role-based-access-control-arbac02">Administrative Role-Based Access Control (<a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a>)<a class="headerlink" href="#administrative-role-based-access-control-arbac02" title="Permanent link">¶</a></h3>
-<p>The ARBAC model explains how <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> can be extended with organizational controls to govern policies regarding the security administration process. ARBAC helps by allowing administrative tasks be delegated to end users who fall outside typical datacenter operations. Cost savings is realized through lower overhead due to delegation while at same time maintaining a firm grip on compliance.</p>
+<p>The ARBAC model explains how <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> can be extended with organizational controls to govern policies regarding the security administration process. ARBAC helps by allowing administrative tasks be delegated to end users who fall outside typical datacenter operations. </p>
<h3 id="ietf-password-policies">IETF Password Policies<a class="headerlink" href="#ietf-password-policies" title="Permanent link">¶</a></h3>
<p>OpenLDAP has supported this draft since 2005. Fortress adds by integrating with its administrative and access control APIs. These APIs enable outside apps to participate and manipulate OpenLDAP password policies without understanding the specifics of how they work. Fortress provides services for setting up new policies and ensuring password policies are tracked and enforced across all avenues.</p>
<h3 id="auditing">Auditing<a class="headerlink" href="#auditing" title="Permanent link">¶</a></h3>
-<p>Fortress audits use OpenLDAP's slapd access log overlay. This extended capability stores history of slapd events which are needed for replication. The events are persisted in OpenLDAP's back-end database, called the <a href="http://www.openldap.org/pub/hyc/mdm-paper.pdf">Lightning Memory-Mapped DB</a>, or in ApacheDS.</p>
+<p>Fortress audits use OpenLDAP's slapd access log overlay.</p>
<p>The Fortress audits rely on slapd events to track its data exchanges performed within its own APIs. Change event tracking includes adds, updates, and deletes of Fortress entities. Read and search events tracked include user authentication, authorization, and policy interrogations. Full historical data change tracking is maintained and may be searched later with APIs to be used for monitoring, reporting, and undo. The log may be retrieved later to synch with outside database for long-term regulatory and compliance concerns. </p>
<h3 id="temporal-constraints">Temporal Constraints<a class="headerlink" href="#temporal-constraints" title="Permanent link">¶</a></h3>
<p>The Fortress Temporal model allows Users and Roles to carry time and date Constraints which govern when activations may occur. Role constraints are checked on every call into Fortress. The user constraint applied only at session creation.</p>
<h3 id="ansi-rbac-policy-enhanced-incits-494-2012">ANSI RBAC Policy-Enhanced (INCITS-494-2012)<a class="headerlink" href="#ansi-rbac-policy-enhanced-incits-494-2012" title="Permanent link">¶</a></h3>
<p>One day.</p>
<h2 id="what-security-services-are-available">What security services are available?<a class="headerlink" href="#what-security-services-are-available" title="Permanent link">¶</a></h2>
-<p>Over one hundred services divided across the Manager components. Some of them (Access, Admin and Review) map back to <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">ANSI RBAC functional specifications</a>. Others (DelAccess, DelAdmin, DelReview) are for the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> model which help manage admnistrative burden for large enterprises. </p>
-<p>Each manager component defined below has a specific purpose and contains a collection of related functions to control the Fortress Entities as they pass through its particular area of the identity lifecycle. Of late the APIs have been wrapped with REST by En Masse Policy Server. This allows Fortress functionality to be accessed over HTTP protocol using an XML message format.</p>
-<p>A description of the managers follow...</p>
-<ul>
-<li>AccessMgr - This object performs runtime access control operations on objects that are provisioned <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory to maintain policy enforcement.</li>
-<li>AdminMgr - This object performs administrative functions to provision Fortress RBAC entities into the LDAP directory. Can be used to build custom application and UIs.</li>
-<li>AuditMgr - This interface prescribes methods used to search OpenLDAP's slapd access log that contains an audit trail of entity operational state to maintain and verify compliance.</li>
-<li>DelAcessMgr - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that reside in LDAP directory to maintain policy enforcement.</li>
-<li>DelAdminMgr - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in LDAP directory. Can be used to build custom security application and UIs.</li>
-<li>DelReviewMgr - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that reside in LDAP directory to maintain and verify compliance.</li>
-<li>PswdPolicyMgr - This object adheres to <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">IETF PW policy draft</a> and is used to perform administrative and review functions on the PWPOLICIES and USERS data sets within Fortress.</li>
-<li>ReviewMgr - This interface prescribes the administrative review functions on already provisioned Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in LDAP directory to maintain and verify compliance.</li>
-</ul>
+<p>Over one hundred services divided across the Manager components.</p>
+<p>A description of the managers follow with their javadoc links...</p>
+<p>RBAC
+<em> Performs runtime access control operations on objects that are provisioned RBAC entities that reside in LDAP directory. - [AccessMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AccessMgr.html)
+</em> Performs administrative functions to provision Fortress RBAC entities into the LDAP directory. - [AdminMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AdminMgr.html)
+* The review functions on RBAC entities in LDAP. - [ReviewMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ReviewMgr.html)</p>
+<p>ARBAC:
+<em> Runtime delegated access control operations on objects that are provisioned Fortress ARBAC entities that reside in LDAP. - [DelAccessMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAccessMgr.html)
+</em> Policy administration of Fortress ARBAC entities in LDAP. - [DelAdminMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAdminMgr.html)
+* Policy review ops of ARBAC entities in LDAP. - [DelReviewMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelReviewMgr.html)</p>
+<p>PW Policies:
+* Used to perform admin and review functions on the PWPOLICIES data sets. - [PwPolicyMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/PwPolicyMgr.html)</p>
+<p>Audit
+* Methods used to search OpenLDAP's slapd access log for fortress events. - [AuditMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AuditMgr.html)</p>
+<p>Config
+* CRUD methods used to manage properties stored within LDAP. - [ConfigMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ConfigMgr.html)</p>
<h2 id="where-is-it">Where is it?<a class="headerlink" href="#where-is-it" title="Permanent link">¶</a></h2>
<p>Source is managed by Apache's GIT repo:</p>
<ul>
-<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git">Fortress Core</a> - RBAC SDK</li>
-<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git">Fortress Web</a> - RBAC Web Management UI</li>
-<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git">Fortress Rest</a> - RBAC REST Server</li>
-<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git">Fortress Realm</a> - RBAC Policy Enforcement Plug-in for Tomcat</li>
+<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git">Fortress Core</a></li>
+<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git">Fortress Web</a></li>
+<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git">Fortress Rest</a></li>
+<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git">Fortress Realm</a></li>
</ul>