directory-fortress mailing list archives

From Yudhi Karunia Surtan <brainmaster...@gmail.com>
Subject Re: Fortress Permission Object Attribute
Date Sun, 13 Dec 2015 01:54:39 GMT
Hi Shawn,

Thank you for your appreciation.
Please let me know when you have your repository for that sub-project, or
do you think it is better to put it under my own repository first, and the
Apache Fortress repository will fork it once the sub-project is ready?

Regards,

Yudhi Karunia Surtan
--------------------------------------
http://brainmasterexperience.com <http://www.brainmasterexperience.com>

On Sat, Dec 12, 2015 at 11:34 PM, Shawn McKinney <smckinney@apache.org>
wrote:

>
> > On Dec 12, 2015, at 6:35 AM, Yudhi Karunia Surtan <
> brainmaster716@gmail.com> wrote:
> >
> > Hi Shawn,
> >
> > After some time, I've finally succeeded in hacking a workaround for the
> > fortress implementation client so that it is possible to filter the
> > allowed attributes.
> > Previously I successfully implemented Fortress SSO with CAS and page
> > filtering, and now I've completed a full role-based security IAM
> > implementation (hooray).
> >
> > Here is the example code for content filtering :
> >
> > https://github.com/yudhik/fortress-attribute-base-filtering.git
> >
>
> I would characterize your work as a new web policy enforcement point
> (PEP).  It is interesting because it binds with fortress in a novel way.
> It is valuable because policy enforcement is where help is most needed
> (pain) with security and your demonstration of a declarative policy
> enforcement (easy to use) while still capable of fine-grained enforcement
> (good).
>
> >
> > On Dec 12, 2015, at 6:35 AM, Yudhi Karunia Surtan <
> brainmaster716@gmail.com> wrote:
> >
> > Now the question is how to give the idea back to the community.
> > Tell me what I can do.
> >
> > Here is the list of what I did to implement a full-stack IAM for the web.
> > 1. Hacking CAS to authenticate against Fortress instead of LDAP
> > 2. Hacking the CAS client to get the Fortress session ID and principal
> > 3. Create a custom voter in my apps to populate roles and filter the
> > allowed web pages
> > 4. Create a custom filter to filter the allowed page attributes
> >
> > I hope the idea of my implementation can also help others secure their
> > apps.
>
> This brings up the need for a separate conversation.  The Apache Directory
> Fortress sub-project needs a repository to house related policy enforcement
> components.  A healthy access management system will have dozens of ways in
> which to use it and it makes sense that there is a place to keep them.
>
> We could also try to push your ideas into other projects, e.g. Spring,
> CAS, Shibboleth, but my inclination is to keep them close for the time
> being.
>
> Shawn
>
>
