Hello! I have submitted the following proposals for talks to ApacheCon North America:
1. The Anatomy of a Secure Web application using Apache Fortress - http://events.linuxfoundation.org/cfp/proposals/4828/4076 Although the Java EE architecture provides the necessary enablement, most developers do not have the time or the training to take full advantage of all the available tools. This technical session describes and demos an end-to-end application security architecture using Apache Wicket and Fortress. It includes practical, hands-on guidance to properly implementing authentication, authorization, and confidentiality with Java EE security. In addition to finding out where the security controls must be placed and why, attendees will be provided with code they can use to kick-start their own highly secure Java web applications. 2. RBAC enable your Java Web apps using Apache Directory and Fortress - http://events.linuxfoundation.org/cfp/proposals/4828/4078 Fortress has recently been added as sub-project to the Apache Directory project. This session will provide an overview of the project and its roadmap. 3. Using Roles for Access Control is not Role-Based Access Control - http://events.linuxfoundation.org/cfp/proposals/4828/4077 Misnomers abound as to what constitutes a working role-based access control (RBAC) system. With ANSI RBAC, groups are not roles and resource connections are not sessions. This presentation explains what ANSI RBAC is and how it can be applied. It dispels long-standing myths. Additionally you’ll receive tips on how to implement a successful RBAC program using well-established best practices. The session also introduces you to Apache Fortress, a fully compliant RBAC implementation. 4. The Case for RBAC Standardization in the Directory - http://events.linuxfoundation.org/cfp/proposals/4828/4079 Discussion about efforts to standardize the RBAC protocol in the directory. The standardization covers two broad areas: 1. A standard LDAP schema for RBAC 2. A standard LDAP protocol for RBAC Topics of discussion include the status, rationale and technical details of these standardization efforts. Any comments welcome. Cheers, Shawn On 12/28/2014 05:35 AM, Pierre Smits wrote: > Hi All, > > Our talks held at Apachecon US 2014 in Budapest, on the various subjects > related to our projects and its products, were a huge success: I experienced > packed rooms while Emmanuel and Shawn shared their insights and experiences. > This truly shows that we don't just do our contributions for ourselves, but > that our solutions are in demand and that people are interested in how we do > things in our project. > > The talks held were: > > * RBAC Authorization with Apache Directory Server and Fortress > * LDAP Testing: Does it have to be a Nightmare? > > As has been anounced by the board, we have a new opportunity to promote our > project, our solutions and our viewpoints on the various aspects of Identity > & Role Management, Authentication & Authorisation, the progress in our sub > projects and directions for the future (and more) at the upcoming Apachecon > US 2015 event. This event will be held on the North American continent in > Austin, Texas, USA from April 13th till April 17th, with conferences during > the first 3 days. > > So I start this thread to investigate whether there is an interest to > participate and hold talks again at the upcoming event. Think about: > > * The state of the project > * How our product X enables/supports company 1 > * How our product X enhances product Y > * etc. > > What do you think? > I am sure that the greater subject of "User, Role, Identity Enablement & > Control" can spawn a lot of (suggestions or ideas of) talks. > > To give you a heads up on the upcoming event, I list some reference pages > below: > > * http://wiki.apache.org/apachecon/FrontPage > * http://wiki.apache.org/apachecon/ACNA2015ContentCommittee > > > Best regards, > Pierre Smits > > *ORRTIZ.COM <http://www.orrtiz.com>* > Services & Solutions for Cloud- > Based Manufacturing, Professional > Services and Retail & Trade > http://www.orrtiz.com <http://www.orrtiz.com/>
