A call to arms (for fortress case studies)

[Shawn McKinney <sm...@apache.org>]

Hello,

Today we lack publications describing fortress usage in production. 

Are you using fortress today?  If so I need your help.  We need case studies, how it’s being used, and the results of that usage.  

Where to publish the case study is another matter.  If you don’t have blog or wiki, we could do it on the project website.

Ideas?

Thanks,
Shawn

Re: A call to arms (for fortress case studies)

[Shawn McKinney <sm...@apache.org>]

> On May 9, 2017, at 10:50 AM, Yudhi Karunia Surtan <br...@gmail.com> wrote:
> 
> Here is the link of my testimony to apache fortress,
> *http://directory.staging.apache.org/fortress/testimonials.html
> <http://directory.staging.apache.org/fortress/testimonials.html>*
> I wish this page can be publish to public page so other people might have
> the same benefit as me using apache fortress. There i also give an example
> case for generic use case.
> I hope those example might become a trigger for other person or community
> to give ideas for solve their problems.

Hello Yudhi, Combing CAS and Fortress via a declarative filtering mechanism is an effective means for integrating SSO and properly securing web apps.  First, it is programmer unaware, which is fail-safe.  Second, you’ve managed to combine the sessions for the two which is something rarely done in practice.  Congrats on this impressive work and for a solid security solution.  You’ve done very well.  

And thanks to you and your team for this contribution to our community. Perhaps one day we can more closely integrate this into our project, but in any case it’s a best-practice and I encourage others to try it.

Here is the link on prod: http://directory.apache.org/fortress/testimonials.html

Shawn

Re: A call to arms (for fortress case studies)

[Yudhi Karunia Surtan <br...@gmail.com>]

Here is the link of my testimony to apache fortress,
*http://directory.staging.apache.org/fortress/testimonials.html
<http://directory.staging.apache.org/fortress/testimonials.html>*
I wish this page can be publish to public page so other people might have
the same benefit as me using apache fortress. There i also give an example
case for generic use case.
I hope those example might become a trigger for other person or community
to give ideas for solve their problems.

On Apr 13, 2017 10:26 PM, "Shawn McKinney" <sm...@apache.org> wrote:

>
> > On Apr 13, 2017, at 8:31 AM, Yudhi Karunia Surtan <
> brainmaster716@gmail.com> wrote:
> >
> > I'm using fortress live at my production level, i did combine it with
> cas,
> > spring security and fortress to make a request filter for our internal
> > application.
> > I willing to help this project to spread, so other developer life also
> > getting more easier in term of the securing their apps.
> >
>
> Hello Yudhi,
>
> Thanks for jumping in here.  We very much welcome your input and offer to
> help.
>
> >
> > However, I'm not a good documentation writer but i want to contribute
> back
> > to the community because this project help us to saving development time
> > and become a good example for me.
> > here is my previous idea (if you still remember),
> > https://github.com/yudhik/fortress-attribute-base-filtering
> >
> > Please let me know what kind of story that you need and what file format
> > that you want to have.
>
> I remember quite well.  I can proofread the post and will assist in
> getting it published somewhere.  The really cool thing (for me) is I get to
> this solution, and if it all works out, we may be able to add it to the
> project.  Not sure which package, will need to look at the dependencies
> before knowing where it can fit.
>
> I’ll start a new google doc and share it with you and we’ll go from there.
>
> Best,
> Shawn

Re: A call to arms (for fortress case studies)

[Shawn McKinney <sm...@apache.org>]

> On Apr 13, 2017, at 8:31 AM, Yudhi Karunia Surtan <br...@gmail.com> wrote:
> 
> I'm using fortress live at my production level, i did combine it with cas,
> spring security and fortress to make a request filter for our internal
> application.
> I willing to help this project to spread, so other developer life also
> getting more easier in term of the securing their apps.
> 

Hello Yudhi,

Thanks for jumping in here.  We very much welcome your input and offer to help.

> 
> However, I'm not a good documentation writer but i want to contribute back
> to the community because this project help us to saving development time
> and become a good example for me.
> here is my previous idea (if you still remember),
> https://github.com/yudhik/fortress-attribute-base-filtering
> 
> Please let me know what kind of story that you need and what file format
> that you want to have.

I remember quite well.  I can proofread the post and will assist in getting it published somewhere.  The really cool thing (for me) is I get to this solution, and if it all works out, we may be able to add it to the project.  Not sure which package, will need to look at the dependencies before knowing where it can fit.

I’ll start a new google doc and share it with you and we’ll go from there.

Best,
Shawn

Re: A call to arms (for fortress case studies)

[Yudhi Karunia Surtan <br...@gmail.com>]

Hi Shawn,


I'm using fortress live at my production level, i did combine it with cas,
spring security and fortress to make a request filter for our internal
application.
I willing to help this project to spread, so other developer life also
getting more easier in term of the securing their apps.

However, I'm not a good documentation writer but i want to contribute back
to the community because this project help us to saving development time
and become a good example for me.
here is my previous idea (if you still remember),
https://github.com/yudhik/fortress-attribute-base-filtering

Please let me know what kind of story that you need and what file format
that you want to have.


Regards,

Yudhi Karunia Surtan
--------------------------------------
https://github.com/yudhik

On Wed, Apr 12, 2017 at 10:28 PM, Shawn McKinney <sm...@apache.org>
wrote:

> Just a bit more on this topic…
>
> We know fortress is being used via the download statistics on our website
> and maven.  Some of these usages we’re familiar with, i.e. Penn State, but
> most are opaque.
>
> <soapbox>
>
> So, when one starts to search about fortress there isn’t much out there
> beyond what’s been published via this project team — directly.
>
> This leaves an impression of low-traction thus not long-term viable.
>
> Of course security is an *extremely* sensitive topic and there will always
> be a hesitancy to publish howtos — especially for internal/closed-source
> projects (for good reason).
>
> Which is why I offered to publish your story here, on this project’s
> website.  We can use pseudo names to protect the privacy of the
> organizations and people involved.
>
> Keep in mind this project is an all volunteer effort.  Commercial vendors
> don’t like us because we offer a free alternative for what traditionally
> req’d expensive software licenses before.
>
> If you like (use) this project’s wares and want them continue to be
> published, we’re going to need some help to start spreading the word, so we
> can build this community.
>
> </soapbox>
>
> If you have a story about fortress, and are willing to share, let us
> know.  Feel free to contact me privately if there are concerns.
>
> Shawn
>
> > On Apr 6, 2017, at 11:06 AM, Shawn McKinney <sm...@apache.org>
> wrote:
> >
> > Hello,
> >
> > Today we lack publications describing fortress usage in production.
> >
> > Are you using fortress today?  If so I need your help.  We need case
> studies, how it’s being used, and the results of that usage.
> >
> > Where to publish the case study is another matter.  If you don’t have
> blog or wiki, we could do it on the project website.
> >
> > Ideas?
> >
> > Thanks,
> > Shawn
>
>

Re: A call to arms (for fortress case studies)

[Shawn McKinney <sm...@apache.org>]

Just a bit more on this topic…

We know fortress is being used via the download statistics on our website and maven.  Some of these usages we’re familiar with, i.e. Penn State, but most are opaque.

<soapbox>

So, when one starts to search about fortress there isn’t much out there beyond what’s been published via this project team — directly.

This leaves an impression of low-traction thus not long-term viable.

Of course security is an *extremely* sensitive topic and there will always be a hesitancy to publish howtos — especially for internal/closed-source projects (for good reason).

Which is why I offered to publish your story here, on this project’s website.  We can use pseudo names to protect the privacy of the organizations and people involved.

Keep in mind this project is an all volunteer effort.  Commercial vendors don’t like us because we offer a free alternative for what traditionally req’d expensive software licenses before.  

If you like (use) this project’s wares and want them continue to be published, we’re going to need some help to start spreading the word, so we can build this community.

</soapbox>

If you have a story about fortress, and are willing to share, let us know.  Feel free to contact me privately if there are concerns.

Shawn

> On Apr 6, 2017, at 11:06 AM, Shawn McKinney <sm...@apache.org> wrote:
> 
> Hello,
> 
> Today we lack publications describing fortress usage in production. 
> 
> Are you using fortress today?  If so I need your help.  We need case studies, how it’s being used, and the results of that usage.  
> 
> Where to publish the case study is another matter.  If you don’t have blog or wiki, we could do it on the project website.
> 
> Ideas?
> 
> Thanks,
> Shawn