Posted to dev@directory.apache.org by Shawn McKinney <sm...@apache.org> on 2015/01/23 16:56:36 UTC

Re: Apache Directory & Apachecon US 2015 Austin

Hello!

I have submitted the following proposals for talks to ApacheCon North America:

1. The Anatomy of a Secure Web application using Apache Fortress - http://events.linuxfoundation.org/cfp/proposals/4828/4076

Although the Java EE architecture provides the necessary enablement, most developers do not have the time or the training to take full advantage of all the available tools. This technical session describes and demos an end-to-end application security architecture using Apache Wicket and Fortress. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality with Java EE security. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications.

2. RBAC enable your Java Web apps using Apache Directory and Fortress - http://events.linuxfoundation.org/cfp/proposals/4828/4078

Fortress has recently been added as a sub-project to the Apache Directory project. This session will provide an overview of the project and its roadmap.

3. Using Roles for Access Control is not Role-Based Access Control - http://events.linuxfoundation.org/cfp/proposals/4828/4077

Misnomers abound as to what constitutes a working role-based access control (RBAC) system. With ANSI RBAC, groups are not roles and resource connections are not sessions. This presentation explains what ANSI RBAC is and how it can be applied. It dispels long-standing myths. Additionally you’ll receive tips on how to implement a successful RBAC program using well-established best practices. The session also introduces you to Apache Fortress, a fully compliant RBAC implementation.

4. The Case for RBAC Standardization in the Directory - http://events.linuxfoundation.org/cfp/proposals/4828/4079

Discussion about efforts to standardize the RBAC protocol in the directory.  The standardization covers two broad areas:

1. A standard LDAP schema for RBAC
2. A standard LDAP protocol for RBAC

Topics of discussion include the status, rationale and technical details of these standardization efforts.

Any comments welcome.

Cheers,

Shawn

On 12/28/2014 05:35 AM, Pierre Smits wrote:
> Hi All,
> 
> Our talks held at Apachecon US 2014 in Budapest, on the various subjects related to our projects and its products, were a huge success: I experienced packed rooms while Emmanuel and Shawn shared their insights and experiences. This truly shows that we don't just do our contributions for ourselves, but that our solutions are in demand and that people are interested in how we do things in our project. 
> 
> The talks held were:
> 
>   * RBAC Authorization with Apache Directory Server and Fortress
>   * LDAP Testing: Does it have to be a Nightmare?
> 
> As has been announced by the board, we have a new opportunity to promote our project, our solutions and our viewpoints on the various aspects of Identity & Role Management, Authentication & Authorisation, the progress in our sub projects and directions for the future (and more) at the upcoming Apachecon US 2015 event. This event will be held on the North American continent in Austin, Texas, USA from April 13th till April 17th, with conferences during the first 3 days.
> 
> So I start this thread to investigate whether there is an interest to participate and hold talks again at the upcoming event. Think about:
> 
>   * The state of the project
>   * How our product X enables/supports company 1
>   * How our product X enhances product Y
>   * etc.
> 
> What do you think?
> I am sure that the greater subject of "User, Role, Identity Enablement & Control" can spawn a lot of (suggestions or ideas of) talks.
> 
> To give you a heads up on the upcoming event, I list some reference pages below:
> 
>   * http://wiki.apache.org/apachecon/FrontPage
>   * http://wiki.apache.org/apachecon/ACNA2015ContentCommittee
> 
> 
> Best regards,
> Pierre Smits
> 
> *ORRTIZ.COM <http://www.orrtiz.com>*
> Services & Solutions for Cloud-
> Based Manufacturing, Professional
> Services and Retail & Trade
> http://www.orrtiz.com <http://www.orrtiz.com/>

RE: Apache Directory & Apachecon US 2015 Austin

Posted by "Zheng, Kai" <ka...@intel.com>.
Hi Shawn,

Thanks for your detailed guidance. It's great for me to learn about this new ApacheDS sub project Fortress.

Regards,
Kai

Re: Apache Directory & Apachecon US 2015 Austin

Posted by Shawn McKinney <sm...@apache.org>.
On 01/24/2015 06:27 AM, Zheng, Kai wrote:
> Hi Shawn,
> 
> Great topics and they're very interesting. I wish I could be an audience of them. :-) 
> 
> Do you have some materials for me to learn about? Thanks.

Hi Kai,

Thanks for showing interest. Yes, we have several tutorials you can look at. They are at varying levels of complexity. The first is understanding how to use the fortress apis themselves. For that you can view the javadoc, which can be generated (of course), or you can have a look here:

http://symas.com/javadocs/fortress/

There are coding samples that will help with understanding how to use the fortress apis themselves.  In the fortress source, you can find them under:

basepackage/src/test/java/org/apache/directory/fortress/core/samples

  is a separate ant build to compile and run the samples.  You can also run as one of the targets under the main build:

ant test-samples

Take a look at the quickstart guide for more info on how to invoke the ant targets.  

http://directory.apache.org/fortress/quick-start.html

For usage within a container, i.e. if you want the container to call back to fortress during security checks (using java ee security), you can have a look at these tutorials:

1. base tomcat security: http://symas.com/kb/using-fortress-spring-and-tomcat-to-secure-wicket-6-x-applications/

2. end-to-end tomcat security: http://symas.com/kb/demonstrate-end-to-end-security-enforcement-using-open-source/

HTH,

Shawn

RE: Apache Directory & Apachecon US 2015 Austin

Posted by "Zheng, Kai" <ka...@intel.com>.
Hi Shawn,

Great topics and they're very interesting. I wish I could be an audience of them. :-) 

Do you have some materials for me to learn about? Thanks.

Regards,
Kai

Re: Apache Directory & Apachecon US 2015 Austin

Posted by Shawn McKinney <sm...@apache.org>.
Two more for good measure  :-)

5. Migrating from Unbound ID LDAP SDK to Apache LDAP API - http://events.linuxfoundation.org/cfp/proposals/4828/4086

Fortress has recently moved to Apache Directory as a sub-project. An important aspect of this move was migrating internal Fortress data access calls from UnboundID to Apache LDAP client API. This discussion covers the rationale and results of this effort and includes the results of benchmarks. It provides tips and code that other projects may need for similar migrations. Additionally it will provide info for Netscape/Mozilla LDAP client migration.

6. The Case for a Policy Decision Point inside the Directory - http://events.linuxfoundation.org/cfp/proposals/4828/4085

Performance characteristics of processes change as they get moved around the network. Bound by network io? Move the database daemon to the same tier as the client process. Too much file io? Store the data in memory as opposed to disk. etc… These same options apply for system architecture with respect to security. Location of policy enforcement, decision, and database processes hugely impact the overall welfare of your organization’s computational systems. What happens when we move the policy decision point inside of the directory server? This talk will discuss a proposal to host an RBAC policy decision point (PDP) inside of Apache DS. It will discuss the different options for PDPs along with their associated pros/cons.
