Hi, I would say that #2 (SSO) and #4(attribute-based access control) are important. In my opinion, SAML is a technology of the past, go for OAuth2.0.
Currently, it is quite hard to install Fortress because there are many manual steps. I would say that Fortress packaging should be prioritized (next step #0)! It should be as easy as with Apache Syncope, for example. /Oleksandr On 1/6/2015 15:08 , "Shawn McKinney" <[email protected]> wrote: >Hello, > >This posting is to inform the community of the status of the fortress >product and give hints as to future direction. > >Current Status of Fortress product: >1. Fortress fully implements ANSI RBAC (INCITS 359). >2. Fortress provides an SDK, Web UI, Restful component and Tomcat >security plug-ins > >Next steps: >1. Add support for RFC2307bis which provides UNIX security capabilities >(core, rest, web) >2. Add support for SSO (new component) >3. Add support for annotation-based policy enforcement in Java EE >components (realm) >4. Add support for attribute-based access control (core, rest, web) > >This is a community-driven product. It makes no sense to add >capabilities that are not necessary or otherwise won¹t be used. So, if >this list does not look right to you, with elements either missing or >misplaced - let us know what you think. > >Best, > >Shawn >[email protected] > > >
