Vision Statement

Vista

The Digital Fortress (DF) project aims to supply the OSS community with a high-standard security suite for enterprise applications. Towards this end the DF team is pursuing features such as:
  • Multi-Tenant Service - This means that as long as you associate your security data with your application id (GUID), your data is only visible to you. This feature allows for advanced scenarios such as a Web Authentication/Authorization provider hosted in a shared environment.
  • Single Sign-On Capabilities - This means that your applications can all use the same session. This way, if your user jumps from one app to another that is using DF, he doesn't have to log in again. He just changes to another application. This will be featured in release 0.2.0 Alpha. This feature in conjunction with the previous one creates a great opportunity for Passport-like services.
  • ACL Based Authorization (NEW) - Digital Fortress will allow you to model your resource tree, and then apply security sets to each node, in a way that child nodes inherit from parent nodes. DF will allow you to define dynamic filters so you can have dynamic nodes and dynamic security sets.
  • User Hierarchy - This means that you'll be able to model your company's hierarchy of users in any way you'd like, and thus retrieve important information such as who is two levels above user A, or which users are directly below user B.
  • Role Hierarchy - This means that you get to create roles that are composed of other roles, and thus minimize the administrative effort to manage your security structure.
  • Profile Data - This means that you'll be able to define custom-tailored fields to be associated with a user, like Address, Color of Background, or any other attribute that you need to associate with a user (as long as this attribute is serializable, of course). This lifts a heavy burden from your application, since you won't have to build any of this functionality.
  • Easy Integration - This means that all services of the DF suite are accessible via an Agent. An Agent is a class that grants you easy access to your security repository with almost zero configuration. This approach allows for a high level of productivity, since you tend to use methods like UserAgent.ValidateSession(sessionId) or SecurityContext.Current.UserName to get the currently logged-in user name. This is one of the items that the DF team is most committed to. If it ain't easy, it's wrong!
  • Security - The DF team is very concerned about the sensitive data in the security repository. This is why top-notch security is used in the default implementation of the Agents. All sensitive data is hashed with SHA-512, a one-way function, which makes it VERY hard to recover the original values. If you have any concerns or tips towards this end, we'll be happy to discuss them with you.
  • Tools - The DF team will, in time, release tools for easy administration of your security repository. Never again will you need to execute obscure stored procedures in some data store, or build an entire security application just to create a new user (and don't even get me started on the IIS support to manage security, please!).

With that in mind let's define each section of the suite:

Authentication

Authentication Service
Authentication Agent

Authorization

Authorization Service
Authorization Agent

Administration

Administration Service
Administration Agent

Security Context

Security Context

Last edited Aug 7, 2007 at 1:59 PM by Heynemann, version 8
