| <!-- |
| ~ This work is part of OpenLDAP Software <http://www.openldap.org/>. |
| ~ |
| ~ Copyright 1998-2014 The OpenLDAP Foundation. |
| ~ All rights reserved. |
| ~ |
| ~ Redistribution and use in source and binary forms, with or without |
| ~ modification, are permitted only as authorized by the OpenLDAP |
| ~ Public License. |
| ~ |
| ~ A copy of this license is available in the file LICENSE in the |
| ~ top-level directory of the distribution or, alternatively, at |
| ~ <http://www.OpenLDAP.org/license.html>. |
| --> |
| <html> |
| <head> |
| <title>Overview of the org.openldap.enmasse component</title> |
| </head> |
| <body> |
| EnMasse is a web application that implements <A HREF="http://en.wikipedia.org/wiki/Representational_state_transfer">RESTful</A> Web services to interface with |
| <A HREF="http://www.jts.us/iamfortress/javadocs/api/index.html">Fortress</A> and <A HREF="http://www.openldap.org/">OpenLDAP</A>. |
| |
| <h2>What technologies are in use?</h2> |
| |
| EnMasse was built using established <A HREF="http://www.opensource.org/">Open Source</A> technologies including |
| <A HREF="http://cxf.apache.org/">Apache CXF</A> (web services stack), <A HREF="http://www.springsource.org/">Spring Framework</A> (glue), <A HREF="http://maven.apache.org/">Maven</A> (dependencies) |
| and <A HREF="http://java.sun.com/xml/downloads/jaxb.html">JAXB</A> (data binding layer), and runs inside any reasonably compliant Java Servlet container. |
| |
| <a href="org/openldap/enmasse/FortressService.html">EnMasse service</a> access control decisions are enforced using <A HREF="http://www.jts.us/iamfortress/javadocs/api-sentry/index.html?overview-summary.html">Sentry</A>, which itself |
| uses declarative <A HREF="http://docs.oracle.com/javaee/5/tutorial/doc/bnbwk.html">Java EE Security</A> and <A HREF="http://static.springsource.org/spring-security/site/">Spring Security</A> policy hooks that are wired to |
| connect back to the <A HREF="org/openldap/fortress/rbac/package-summary.html">Fortress</A> <A HREF="http://en.wikipedia.org/wiki/Role-based_access_control">RBAC</A> component. |
| |
| The EnMasse server side is a <a href="http://java.sun.com/developer/technicalArticles/tools/webapps_1/">Java Web program</a> artifact that is wholly dependent on <A HREF="org/openldap/fortress/package-summary.html">Fortress</A> |
| and also needs a <A HREF="http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol">V3 compliant LDAP</A> server such as OpenLDAP. For more information on installing and setting up OpenLDAP, see the |
| <A HREF="http://www.jts.us/iamfortress/guides/README-QUICKSTART.html">Fortress Quickstart</A>. |
| |
| <h2>What can EnMasse do?</h2> |
| |
| Contained within this application are Web APIs to perform authentication, authorization, administration, audit and password policies. |
| The most important package in this system, <A HREF="org/openldap/enmasse/package-summary.html">org.openldap.enmasse</A>, contains the public Web APIs that are called by external systems. |
| |
| There is a one-to-one correspondence between a Fortress API and an EnMasse Web service. The Fortress |
| APIs are organized into 'Managers' each implementing a specific area of functionality within the |
| Identity and Access Management lifecycle. |
| For a list of EnMasse services, see <a href="org/openldap/enmasse/FortressService.html">FortressService</a>. |
| |
| <h3>Fortress Manager Overview</h3> |
| <ol> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/AccessMgr.html">AccessMgr</a> - This object performs runtime access control operations on objects that are provisioned <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in the LDAP directory.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/AdminMgr.html">AdminMgr</a> - This object performs administrative functions to provision Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities into the LDAP directory.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/AuditMgr.html">AuditMgr</a> - This interface prescribes methods used to search OpenLDAP's slapd access log.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/DelAccessMgr.html">DelegatedAccessMgr</a> - This interface prescribes the API for performing runtime delegated access control operations on objects that are provisioned Fortress <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> entities that reside in the LDAP directory.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/DelAdminMgr.html">DelegatedAdminMgr</a> - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedAdminMgr interface for performing policy administration of Fortress ARBAC entities that reside in the LDAP directory.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/DelReviewMgr.html">DelegatedReviewMgr</a> - This class prescribes the <a href="http://profsandhu.com/journals/tissec/p113-oh.pdf">ARBAC02</a> DelegatedReviewMgr interface for performing policy interrogation of provisioned Fortress ARBAC02 entities that reside in the LDAP directory.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/PwPolicyMgr.html">PswdPolicyMgr</a> - This object adheres to the <a href="http://tools.ietf.org/html/draft-behera-ldap-password-policy-10">IETF PW policy draft</a> and is used to perform administrative and review functions on the <a href="org/openldap/fortress/pwpolicy/PswdPolicy.html">PWPOLICIES</a> and <a href="org/openldap/fortress/rbac/User.html">USERS</a> data sets within Fortress.</li> |
| <li><a href="http://www.jts.us/iamfortress/javadocs/api/org.openldap.fortress/ReviewMgr.html">ReviewMgr</a> - This interface prescribes the administrative review functions on already provisioned Fortress <a href="http://csrc.nist.gov/groups/SNS/rbac/documents/draft-rbac-implementation-std-v01.pdf">RBAC</a> entities that reside in the LDAP directory.</li> |
| </ol> |
| |
| <h2>How can I connect with EnMasse?</h2> |
| |
| Clients have a choice in how to connect with the EnMasse Web services. Integration can occur using a |
| preferred Web service toolkit like <a href="http://axis.apache.org/axis/">AXIS 1</a>, <a href="http://axis.apache.org/axis2/java/core/">AXIS 2</a>, |
| <a href="http://metro.java.net/">Metro</a>, <a href="http://cxf.apache.org/">CXF</a>, <a href="http://static.springsource.org/spring-ws/sites/1.5/">Spring Web Services</a>, |
| <a href="http://wso2.com/products/web-services-framework/php">WSO2</a>, <a href="http://jquery.com/">jQuery</a>, etc., or by using the Fortress APIs |
| themselves, which have built-in support for calling EnMasse. |
| |
| The Fortress API plugs into its backend data repository (LDAP) using a simple facade pattern that |
| shields its clients from downstream details. The behavior of the Fortress APIs does not change based |
| on the route it takes. |
| |
| <h3>Options for EnMasse service Integration</h3> |
| <ol> |
| <li>Client uses Fortress to connect to EnMasse:<br> |
| Client-->Fortress-->HTTP/S-->EnMasse</li> |
| <li>Client uses other Web frameworks to connect to EnMasse:<br> |
| Client[Axis, Metro, CXF, SpringWS,...]-->HTTP/S-->EnMasse</li> |
| </ol> |
| <h2>What are the conditions of use?</h2> |
| <p> |
| This software development toolkit is open source, thus free to use and distribute via the <a href="http://www.opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</a>. |
| It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">CentOS</a> and was helped along |
| by the following open source products: |
| <ol> |
| <li><a href="http://www.openldap.org/project/">The OpenLDAP Project</a></li> |
| <li><a href="http://www.apache.org/">The Apache Software Foundation</a></li> |
| <li><a href="http://www.unboundid.com/">UnboundID</a></li> |
| <li><a href="http://www.eigenbase.org/">The Eigenbase Project</a></li> |
| <li><a href="http://ehcache.org/">Ehcache</a></li> |
| </ol> |
| </p> |
| </body> |
| </html> |