Posted to commits@directory.apache.org by sm...@apache.org on 2016/04/16 06:39:37 UTC

svn commit: r1739404 - in /directory/site/trunk/content/fortress: installation.mdtext overview.mdtext

Author: smckinney
Date: Sat Apr 16 04:39:37 2016
New Revision: 1739404

URL: http://svn.apache.org/viewvc?rev=1739404&view=rev
Log:
rework

Modified:
    directory/site/trunk/content/fortress/installation.mdtext
    directory/site/trunk/content/fortress/overview.mdtext

Modified: directory/site/trunk/content/fortress/installation.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/installation.mdtext?rev=1739404&r1=1739403&r2=1739404&view=diff
==============================================================================
--- directory/site/trunk/content/fortress/installation.mdtext (original)
+++ directory/site/trunk/content/fortress/installation.mdtext Sat Apr 16 04:39:37 2016
@@ -20,6 +20,9 @@ Notice: Licensed to the Apache Software
 
 These Installation guides show you how to do a base install of Fortress Core, Rest and Web components using either ApacheDS or OpenLDAP along with Apache Tomcat:
 
-* [Installation Quickstart for ApacheDS](https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md) - shows how to install with ApacheDS.
-* [Installation Quickstart for OpenLDAP](https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md) - shows how to install with Symas OpenLDAP.
-* [Installation Guide for Preexisting OpenLDAP](https://github.com/apache/directory-fortress-core/blob/master/README.md) - describes installation using pre-existing OpenLDAP instance (SECTION 6)
+* Install Core for use with APACHEDS - [README-QUICKSTART-APACHEDS.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)
+* Install Core for use with OPENLDAP - [README-QUICKSTART-SLAPD.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)
+* Configure Tomcat Global Security using Realm - [REALM-HOST-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md)
+* Configure Tomcat Local Security using Realm - [REALM-CONTEXT-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md)
+* Install Fortress Rest to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md)
+* Install Fortress Web to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-commander/blob/master/README-QUICKSTART.md)
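Review bot: The six added list items write their links as `[README-QUICKSTART-APACHEDS.md] - (https://...)`, with " - " between the bracketed label and the parenthesised URL, so Markdown will not parse them as inline links; use the `[label](url)` form that the removed lines had. The last two items also share the label README-QUICKSTART.md although they point at different repositories (directory-fortress-enmasse and directory-fortress-commander), so the label alone does not say which guide is which. The removed "Preexisting OpenLDAP" entry has no replacement in the new list; if that guide is still valid, keep a pointer to it.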

Modified: directory/site/trunk/content/fortress/overview.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/fortress/overview.mdtext?rev=1739404&r1=1739403&r2=1739404&view=diff
==============================================================================
--- directory/site/trunk/content/fortress/overview.mdtext (original)
+++ directory/site/trunk/content/fortress/overview.mdtext Sat Apr 16 04:39:37 2016
@@ -18,48 +18,38 @@ Notice: Licensed to the Apache Software
 
 # Fortress Overview
 
-## Rationale
+FORTRESS provides a standards-based access management system that provides role-based access control, delegated administration and password policies APIs and servivces.  It uses LDAP for its data storage.
 
-FORTRESS was built to the highest standards of security combined with easy installation and ongoing maintenance.  It allows service providers to avoid vendor lock-in, high licensing costs and steep learning curves.
+## What's in it?  
 
-This security system was designed to be deployed into a wide variety of system environments easily. Adopters need not have expertise in Unix, LDAP or other system technologies to install, maintain and use. The result is a high-quality, low-cost solution for identity and access control.
+Included are the following components:
 
-## What is it?  
-
-Fortress is a standards-based and open source access management system that provides ANSI RBAC (INCITS 359) management and enforcement capabilities. 
-
-Included in Fortress packages:
-
-* RBAC Core APIs
-* RBAC Web Management UI
-* RBAC Rest Server
-* RBAC Policy Enforcement Plug-in for Tomcat
-* Directory Services with [OpenLDAP](http://www.openldap.org) (powered w/Memory-Mapped DB) or [ApacheDS](http://directory.apache.org)
+* Core  - Java Access Management SDK
+* Realm - Java EE security for Apache Tomcat
+* Rest  - HTTP protocol wrappers for the APIs
+* Web   - HTML pages for the APIs
 
 It is released under terms of the Apache License 2.0. 
 
-## What can it do currently?
+## How Does It Work?
+
+To learn more, check out the quickstarts:
 
-Demos outlining the capability contained within README files in root of fortress core package. 
+* Install Core for use with APACHEDS - [README-QUICKSTART-APACHEDS.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-APACHEDS.md)
+* Install Core for use with OPENLDAP - [README-QUICKSTART-SLAPD.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-QUICKSTART-SLAPD.md)
+* Configure Tomcat Global Security using Realm - [REALM-HOST-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-HOST-SETUP.md)
+* Configure Tomcat Local Security using Realm - [REALM-CONTEXT-SETUP.md] - (https://github.com/apache/directory-fortress-realm/blob/master/REALM-CONTEXT-SETUP.md)
+* Install Fortress Rest to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-enmasse/blob/master/README-QUICKSTART.md)
+* Install Fortress Web to Tomcat - [README-QUICKSTART.md] - (https://github.com/apache/directory-fortress-commander/blob/master/README-QUICKSTART.md)
 
-Features include...
+Other README's:
 
-* RBAC Management via APIs, Restful services and Web pages
-* Password Management via APIs, services and self-service Web pages
-* Interrogation of centralized audit for management and enforcement activites via APIs, services and Web pages
-* Policy enforcement plug-ins to enforce policies in Java, Spring, Linux and Windows platforms
-* Documented Install Guide and freely available [Fortress Quickstart](quick-start.html) packages to demonstrate all of the above
-* Multi-tenant segregation of data into directory.
-* Directory replication to satisfy mission critical requirements like high availability and disaster recovery.
-* Documented utiliites to run Fortress functions from command line interpeter.  
-* Callback routines used to automate custom data loading requirements using the fortress Ant XML scripting tool to facilitate bulk loading and auto installs.
-* Automatic, configurable, and extensible junit test suite to certify Fortress IAM into new system environments.
-* Javadoc API guide 
-* Customizable Samples to show common API usages
+* How Fortress Multitenancy works - [README-MULTITENANCY.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-MULTITENANCY.md)
+* How the Fortress Config subsystem works - [README-CONFIG.md] - (https://github.com/apache/directory-fortress-core/blob/master/README-CONFIG.md)
 
 ## What technologies at play?
 
-Fortress products run on open system hardware and software platforms supporting LDAPv3, HTTP/S & Java technologies. Functionality that extend beyond LDAPv3 is realized via OpenLDAP/ApacheDS specific features. With the advent of EnMasse & Commander products, [Apache Tomcat](http://tomcat).apache.org/, or preferred Java servlet container is used to process HTTP communications between endpoints.  Fortress provides downloadable packages called QUICKSTARTS which include instructions for first-time install and use of these products.
+Fortress products run on open system hardware and software platforms supporting LDAPv3, HTTP/S & Java technologies. Functionality that extend beyond LDAPv3 is realized via OpenLDAP/ApacheDS specific features. With the advent of Rest and Web products, [Apache Tomcat](http://tomcat).apache.org/, or preferred Java servlet container is used to process HTTP communications between endpoints.  
 
 ## What standards apply?
 
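Review bot: In the rewritten "What technologies at play?" paragraph the Tomcat link is still `[Apache Tomcat](http://tomcat).apache.org/`, which ends the URL at `http://tomcat` and leaves `.apache.org/` as stray text; the line is being edited anyway, so close the parenthesis after the full URL. The new opening sentence has a typo ("servivces") and uses "provides" twice, and the items under "How Does It Work?" and "Other README's" use `[label] - (url)`, which is not inline-link syntax and will not render as links.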
@@ -67,17 +57,17 @@ The following technology standards are a
 
 ### ANSI Role-Based Access Control (INCITS 359) 
 
-There is more to compliance than assigning users to groups and applying ACL policies within directories or databases.  [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) systems provide selective Role activation/deactivation, role hierarchies, and constraints over separation of duty.  The [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) component provides APIs to add, update, delete, and search the directory data.  Fortress provides everything that is needed to exploit the full power of this ANSI specification.
+There is more to RBAC than assigning users to groups and applying ACL policies within directories or databases.  [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) systems provide selective Role activation/deactivation, role hierarchies, and constraints over separation of duty.  The [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) component provides APIs to add, update, delete, and search the directory data
 
 More info can be found on [Intro to ANSI RBAC Page](user-guide/1-intro-rbac.html)
 
 ### [Java EE Platform](http://java.net/projects/javaee-spec/pages/Home) (tm) Security
 
-Used for SSL, X.509 mutual authentication, form-based container authentication, coarse-grained authorization, SSO and more.  Works within compliant Java Web apps like EnMasse policy server.  Java EE security is good because its declarative controls keep the development and integration costs low.  At the same time, it provides adequate network system security and the business apps run fast due to caching maintained within the app server container.  This reduces costs because of fewer round-trips between the application and policy servers.
+Used for SSL, X.509 mutual authentication, form-based container authentication, authorization and SSO.  Works within compliant Java Web apps like Fortress Rest and Web.  
 
 ### Administrative Role-Based Access Control ([ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf))
 
-The ARBAC model explains how [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) can be extended with organizational controls to govern policies regarding the security administration process. ARBAC helps by allowing administrative tasks be delegated to end users who fall outside typical datacenter operations.  Cost savings is realized through lower overhead due to delegation while at same time maintaining a firm grip on compliance.
+The ARBAC model explains how [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) can be extended with organizational controls to govern policies regarding the security administration process. ARBAC helps by allowing administrative tasks be delegated to end users who fall outside typical datacenter operations. 
 
 ### IETF Password Policies
 
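Review bot: The Java EE Platform Security line now says plain "authorization" where the previous text said "coarse-grained authorization"; the qualifier told readers what level of control container security covers, so consider keeping it. In the ANSI RBAC paragraph the new text stops at "search the directory data" with no closing period, and the added Java EE and ARBAC lines end in trailing whitespace.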
@@ -85,7 +75,7 @@ OpenLDAP has supported this draft since
 
 ### Auditing
 
-Fortress audits use OpenLDAP's slapd access log overlay.  This extended capability stores history of slapd events which are needed for replication.  The events are persisted in OpenLDAP's back-end database, called the [Lightning Memory-Mapped DB](http://www.openldap.org/pub/hyc/mdm-paper.pdf), or in ApacheDS.
+Fortress audits use OpenLDAP's slapd access log overlay.
 
 The Fortress audits rely on slapd events to track its data exchanges performed within its own APIs.  Change event tracking includes adds, updates, and deletes of Fortress entities.  Read and search events tracked include user authentication, authorization, and policy interrogations.  Full historical data change tracking is maintained and may be searched later with APIs to be used for monitoring, reporting, and undo. The log may be retrieved later to synch with outside database for long-term regulatory and compliance concerns.  
 
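Review bot: The Auditing section now states only "Fortress audits use OpenLDAP's slapd access log overlay." and the removed sentence was the one place that mentioned ApacheDS here. The installation page in this same commit offers ApacheDS as a directory option, so the section should say explicitly whether the audit trail is available with ApacheDS or only with OpenLDAP; someone choosing a directory needs that to know if authentication and authorization events will be recorded.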
@@ -99,26 +89,34 @@ One day.
 
 ## What security services are available?
 
-Over one hundred services divided across the Manager components.  Some of them (Access, Admin and Review) map back to [ANSI RBAC functional specifications](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf).  Others (DelAccess, DelAdmin, DelReview) are for the [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf) model which help manage admnistrative burden for large enterprises.  
+Over one hundred services divided across the Manager components.
+
+A description of the managers follow with their javadoc links...
+
+RBAC
+* Performs runtime access control operations on objects that are provisioned RBAC entities that reside in LDAP directory. - [AccessMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AccessMgr.html)
+* Performs administrative functions to provision Fortress RBAC entities into the LDAP directory. - [AdminMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AdminMgr.html)
+* The review functions on RBAC entities in LDAP. - [ReviewMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ReviewMgr.html)
+
+ARBAC:
+* Runtime delegated access control operations on objects that are provisioned Fortress ARBAC entities that reside in LDAP. - [DelAccessMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAccessMgr.html)
+* Policy administration of Fortress ARBAC entities in LDAP. - [DelAdminMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelAdminMgr.html)
+* Policy review ops of ARBAC entities in LDAP. - [DelReviewMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/DelReviewMgr.html)
 
-Each manager component defined below has a specific purpose and contains a collection of related functions to control the Fortress Entities as they pass through its particular area of the identity lifecycle.  Of late the APIs have been wrapped with REST by En Masse Policy Server.  This allows Fortress functionality to be accessed over HTTP protocol using an XML message format.
+PW Policies:
+* Used to perform admin and review functions on the PWPOLICIES data sets. - [PwPolicyMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/PwPolicyMgr.html)
 
-A description of the managers follow...
+Audit
+* Methods used to search OpenLDAP's slapd access log for fortress events. - [AuditMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/AuditMgr.html)
 
-* AccessMgr - This object performs runtime access control operations on objects that are provisioned [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) entities that reside in LDAP directory to maintain policy enforcement.
-* AdminMgr - This object performs administrative functions to provision Fortress RBAC entities into the LDAP directory.  Can be used to build custom application and UIs.
-* AuditMgr - This interface prescribes methods used to search OpenLDAP's slapd access log that contains an audit trail of entity operational state to maintain and verify compliance.
-* DelAcessMgr - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf) entities that reside in LDAP directory to maintain policy enforcement.
-* DelAdminMgr - This class prescribes the [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf) DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in LDAP directory.  Can be used to build custom security application and UIs.
-* DelReviewMgr - This class prescribes the [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf) DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress [ARBAC02](http://profsandhu.com/journals/tissec/p113-oh.pdf) entities that reside in LDAP directory to maintain and verify compliance.
-* PswdPolicyMgr - This object adheres to [IETF PW policy draft](http://tools.ietf.org/html/draft-behera-ldap-password-policy-10) and is used to perform administrative and review functions on the PWPOLICIES and USERS data sets within Fortress.
-* ReviewMgr - This interface prescribes the administrative review functions on already provisioned Fortress [RBAC](http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf) entities that reside in LDAP directory to maintain and verify compliance.
+Config
+* CRUD methods used to manage properties stored within LDAP. - [ConfigMgr.html] - (https://directory.apache.org/fortress/gen-docs/latest/apidocs/org/apache/directory/fortress/core/ConfigMgr.html)
 
 ## Where is it?
 
 Source is managed by Apache's GIT repo:
 
-* [Fortress Core](https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git) - RBAC SDK
-* [Fortress Web](https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git) - RBAC Web Management UI
-* [Fortress Rest](https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git) - RBAC REST Server
-* [Fortress Realm](https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git) - RBAC Policy Enforcement Plug-in for Tomcat
+* [Fortress Core](https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git)
+* [Fortress Web](https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git)
+* [Fortress Rest](https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git)
+* [Fortress Realm](https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git)
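Review bot: In the new manager list the manager name appears only as a file name inside `[AccessMgr.html] - (url)`, which is not inline-link syntax, so the entries will not render as links and the name is no longer the visible lead of each item; writing them as `[AccessMgr](url)` followed by the description would fix both. The group labels are inconsistent ("RBAC", "Audit" and "Config" without a colon, "ARBAC:" and "PW Policies:" with one) and each is followed directly by a `*` item with no blank line, which some Markdown processors fold into the preceding paragraph. The rewrite also drops the links to the ANSI RBAC, ARBAC02 and IETF password policy documents from the manager descriptions; one reference per group would keep the mapping from managers to standards. "A description of the managers follow" should read "follows".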