Hi Shawn, Thank you for your appreciation. Please let me know when you have your repository for those sub-project, or do you think it is better to put it under my own repository first and apache fortress repository will do fork once the sub project is ready?
Regards, Yudhi Karunia Surtan -------------------------------------- http://brainmasterexperience.com <http://www.brainmasterexperience.com> On Sat, Dec 12, 2015 at 11:34 PM, Shawn McKinney <[email protected]> wrote: > > > On Dec 12, 2015, at 6:35 AM, Yudhi Karunia Surtan < > [email protected]> wrote: > > > > Hi Shawn, > > > > After sometime finally, I've already successfully hacking a workaround > for > > fortress implementation client so it is possible to do filtering of > > attribute allowed. > > Previously i did successfully implement fortress sso with cas and page > > filtering, and now i've completely make a full security role base iam > > implementation (horray) > > > > Here is the example code for content filtering : > > > > https://github.com/yudhik/fortress-attribute-base-filtering.git > > > > I would characterize your work as a new web policy enforcement point > (PEP). It is interesting because it binds with fortress in a novel way. > It is valuable because policy enforcement is where help is most needed > (pain) with security and your demonstration of a declarative policy > enforcement (easy to use) while still capable of fine-grained enforcement > (good). > > > > > On Dec 12, 2015, at 6:35 AM, Yudhi Karunia Surtan < > [email protected]> wrote: > > > > Now the question is how to give it the idea back to the community. > > tell me what can i do. > > > > Here is the list that i did to implement a full stack iam for web. > > 1. Hacking CAS to make an authentication to fortress instead of ldap > > 2. Hacking CAS client to get fortress session id and principal > > 3. Create a custom voter in my apps to populate role and filtering > allowed > > web page > > 4. Create a custom filter to filtering allowed page attribute > > > > I hope the idea of my implementation also can help others to securing > their > > apps. > > This brings up the need for a separate conversation. The Apache Directory > Fortress sub-project needs a repository to house related policy enforcement > components. A healthy access management system will have dozens of ways in > which to use and it makes sense that there is place to keep them. > > We could also try to push your ideas into other projects, e.g. Spring, > CAS, Shibboleth, but my inclination is to keep them close for the time > being. > > Shawn > >
