Hello,

Just recently I've received the requirement for Fortress to support RFC2307(BIS) type attributes:

http://www.padl.com/~lukeh/rfc2307bis.txt

Used for managing unix users and groups. This requirement was communicated via my employer who maintains a unix-style user security/management system that uses OpenLDAP as the directory.

While this requirement isn't specific to RBAC per se, it overlaps in interesting ways. The traditional unix policy enforcement mechanisms, e.g. PAM, sudo, may be modified to support RBAC-style permission semantics including an rbac session. Fortress support for RFC2307 objects/attributes would pave the road for this kind of integration. It also would allow the Fortress web component to be utilized by users for adding these kinds of objects to the directory. In addition, the Fortress core enforcement mechanism would be useful to control administrative capabilities for users to effect change to these objects.

So my question is: How should the support be added for RFC2307:

a. modify fortress core to support the new object/attributes natively.

b. provide an extension mechanism to fortress so that users can add this type of support themselves and/or

c. design/implement the RFC2307 support as a separate product, albeit one that builds upon and extends many of fortress core's capabilities.

WDYT?

Shawn
