Shawn (Arkansas),
We definitely need #2 and #3 below ... we're working towards integrating
JavaEE security annotations into our back-end Fortress servers. Once
we've got all the pieces working (against our infrastructure), we'd be
happy to share any of the code that's useful with Realm. I'm intrigued
by Kiran's comment about using SAML for SSO ... I should also point out
that we're using OAuth2 and JWT so that we can secure our REST resources
via Fortress (RBAC) as well.
Our SSO system provides the X-REMOTE-USER and X-REMOTE-REALM headers if
the user's authentication has already been performed (and hasn't timed
out). This makes our front-end pretty specific and actually hampers the
whole Fortress integration a bit. We're using Cosign for local users
and Shibboleth for remote (federated) users.
Thanks for all the hard work you've put into Fortress!
Steve
On 06/01/2015 09:08 AM, Shawn McKinney wrote:
Hello,
This posting is to inform the community of the status of the Fortress product
and give hints as to future direction.
Current Status of Fortress product:
1. Fortress fully implements ANSI RBAC (INCITS 359).
2. Fortress provides an SDK, Web UI, RESTful component and Tomcat security
plug-ins.
Next steps:
1. Add support for RFC2307bis which provides UNIX security capabilities (core,
rest, web)
2. Add support for SSO (new component)
3. Add support for annotation-based policy enforcement in Java EE components
(realm)
4. Add support for attribute-based access control (core, rest, web)
This is a community-driven product. It makes no sense to add capabilities that
are not necessary or otherwise won’t be used. So, if this list does not look
right to you, with elements either missing or misplaced - let us know what you
think.
Best,
Shawn
--
"The pen is mightier than the sword if the sword is very short, and the pen is very
sharp." — Terry Pratchett (RIP 2015)