Posted to commits@directory.apache.org by bu...@apache.org on 2015/02/27 16:32:23 UTC

svn commit: r941663 - in /websites/staging/directory/trunk/content: ./ fortress/overview.html

Author: buildbot
Date: Fri Feb 27 15:32:23 2015
New Revision: 941663

Log:
Staging update by buildbot for directory

Modified:
    websites/staging/directory/trunk/content/   (props changed)
    websites/staging/directory/trunk/content/fortress/overview.html

Propchange: websites/staging/directory/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Feb 27 15:32:23 2015
@@ -1 +1 @@
-1662724
+1662725

Modified: websites/staging/directory/trunk/content/fortress/overview.html
==============================================================================
--- websites/staging/directory/trunk/content/fortress/overview.html (original)
+++ websites/staging/directory/trunk/content/fortress/overview.html Fri Feb 27 15:32:23 2015
@@ -169,8 +169,8 @@
 <ul>
 <li>RBAC Core APIs</li>
 <li>RBAC Web Management UI</li>
-<li>RBAC Web Policy Server</li>
-<li>RBAC Policy Enforcement</li>
+<li>RBAC Rest Server</li>
+<li>RBAC Policy Enforcement Plug-in for Tomcat</li>
 <li>Directory Services with <a href="http://www.openldap.org">OpenLDAP</a> (powered w/Memory-Mapped DB) or <a href="http://directory.apache.org">ApacheDS</a></li>
 </ul>
 <p>It is released under terms of the Apache License 2.0. </p>
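Review bot: The added item "RBAC Rest Server" spells the acronym as "Rest", while the project list further down this same page reads "Fortress Rest - RBAC REST Server"; use "RBAC REST Server" here so the two lists agree. The second added item, "RBAC Policy Enforcement Plug-in for Tomcat", narrows the component to Tomcat, yet the feature list below still advertises enforcement plug-ins for "Java, Spring, Linux and Windows platforms"; confirm which scope is intended.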
@@ -178,7 +178,7 @@
 <p>A demo outlining this capability using embedded Apache Tomcat Server and Realm RBAC Policy Enforcement contained within QUICKSTART packages. </p>
 <p>Features include...</p>
 <ul>
-<li>RBAC Management via APIs, services and Web pages</li>
+<li>RBAC Management via APIs, Restful services and Web pages</li>
 <li>Password Management via APIs, services and self-service Web pages</li>
 <li>Interrogation of centralized audit for management and enforcement activites via APIs, services and Web pages</li>
 <li>Policy enforcement plug-ins to enforce policies in Java, Spring, Linux and Windows platforms</li>
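Review bot: "Restful" in the added RBAC Management bullet should be "RESTful", and the qualifier is applied to this bullet only: the Password Management and audit bullets directly below still say plain "services". If those are exposed through the same REST server, update them too, or keep the wording uniform across all three. The neighbouring context line also carries the typo "activites", which could be fixed in the same pass.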
@@ -207,18 +207,10 @@
 <h3 id="auditing">Auditing</h3>
 <p>Fortress audits use OpenLDAP's slapd access log overlay.  This extended capability stores history of slapd events which are needed for replication.  The events are persisted in OpenLDAP's back-end database, called the <a href="http://www.openldap.org/pub/hyc/mdm-paper.pdf">Lightning Memory-Mapped DB</a>, or in ApacheDS.</p>
 <p>The Fortress audits rely on slapd events to track its data exchanges performed within its own APIs.  Change event tracking includes adds, updates, and deletes of Fortress entities.  Read and search events tracked include user authentication, authorization, and policy interrogations.  Full historical data change tracking is maintained and may be searched later with APIs to be used for monitoring, reporting, and undo. The log may be retrieved later to synch with outside database for long-term regulatory and compliance concerns.  </p>
-<p>Fortress will soon use its audit trail for <em>adaptive authorization</em> to stop bad things before they happen.  For example...</p>
-<ul>
-<li>If there have been more than 1,000 authentication failures during the last 60 seconds, notify members of the support center.  Give them a chance to sort it all out. </li>
-<li>If a particular user has failed more than three <em>authorizations</em> during the last 5 minutes, bar access for 20 minutes.  Send email to supervisor and business manager over the web resources.</li>
-<li>If customer withdrawls more than 5,000 pounds in 24 hours, deny further withdrawl for duration of one day. Send notification to customer's email address.</li>
-<li>If more than 1,000,000 Euros are traded within the portfolio of any one trader or group of traders, during any 4 hour period, prevent further trading until manual unlock performed by risk management group.</li>
-<li>etc...</li>
-</ul>
 <h3 id="temporal-constraints">Temporal Constraints</h3>
 <p>The Fortress Temporal model allows Users and Roles to carry time and date Constraints which govern when activations may occur. Role constraints are checked on every call into Fortress.  The user constraint applied only at session creation.</p>
 <h3 id="ansi-rbac-policy-enhanced-incits-494-2012">ANSI RBAC Policy-Enhanced (INCITS-494-2012)</h3>
-<p>Not yet.</p>
+<p>One day.</p>
 <h2 id="what-security-services-are-available">What security services are available?</h2>
 <p>Over one hundred services divided across the Manager components.  Some of them (Access, Admin and Review) map back to <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">ANSI RBAC functional specifications</a>.  Others (DelAccess, DelAdmin, DelReview) are for the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> model which help manage admnistrative burden for large enterprises.  </p>
 <p>Each manager component defined below has a specific purpose and contains a collection of related functions to control the Fortress Entities as they pass through its particular area of the identity lifecycle.  Of late the APIs have been wrapped with REST by En Masse Policy Server.  This allows Fortress functionality to be accessed over HTTP protocol using an XML message format.</p>
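Review bot: Replacing "Not yet." with "One day." under the INCITS-494-2012 heading makes the status vaguer rather than clearer; a reader cannot tell whether the policy-enhanced profile is planned, and a sentence such as "Not currently supported." would state it plainly. The removal of the adaptive authorization paragraph and its examples from the Auditing section is not explained by the log message ("Staging update by buildbot for directory"), so the source commit should say whether the feature was dropped or deferred. The unchanged paragraph at the end of the hunk still refers to the "En Masse Policy Server", whereas the other hunks rename that component to the Rest server; that sentence needs the same rename.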
@@ -239,7 +231,7 @@
 <li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-core.git">Fortress Core</a> - RBAC SDK</li>
 <li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-commander.git">Fortress Web</a> - RBAC Web Management UI</li>
 <li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-enmasse.git">Fortress Rest</a> - RBAC REST Server</li>
-<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git">Fortress Realm</a> - RBAC Policy Enforcement Plugin for Tomcat</li>
+<li><a href="https://git-wip-us.apache.org/repos/asf/directory-fortress-realm.git">Fortress Realm</a> - RBAC Policy Enforcement Plug-in for Tomcat</li>
 </ul>
 <h2 id="what-are-the-conditions">What are the conditions?</h2>
 <p>This software development toolkit is open source, thus free to use and distribute under terms of the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License 2.0</a>.  It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">Centos</a> and was helped along by the following open source products:</p>