A look at the secure technology gap and how it can be closed.
In January 2009 JoshuaTree along with help from its partner Symas, began work on a new suite of Identity & Access Management products. These products would build on OpenLDAP's native capabilities.
Key objectives of the development project that ensued mandated use of pre-existing open source products, common and accepted standards, and to write new code only when necessary.
First released August 28, 2013 under BSD 3-clause open source license.
Commander Web UI includes pages for...
- ANSI RBAC entity and policy management
- User based demographic attribute management
- IETF password policy management
- Self-service user and password administration
- Centralized audit trail interrogation and viewing
- Extensible framework for building custom pages
Where to obtain
The following sections provide an overview of Commander including technical info, screen shots and feature descriptions.
- Runs inside any Java 7 powered Servlet container
- 15 Pages, 35 Panels, 10 List Views
- ANSI RBAC INCITS 359 compliant
- Apache Wicket UI framework (6.14.0)
- AJAX & jQuery (1.11.0)
- Spring dependency injection and security enforcement
- Build & dependency management using Maven
- OpenLDAP enabled centralized audit trail
- Log4j enabled tracing
- Automated web testing using Apache Solenium
- Communication protocols supported:
- LDAPv3 - most efficient protocol for direct to LDAP server communication utilized when applications are co-located inside same datacenter
- HTTP/REST - less efficient protocol but easier integrate across widely distributed applications
- ANSI RBAC permission based policy enforcement
- Java EE for declarative authentication/SSO & coarse-grained authorization
- IETF password policies enforced during login
- Spring for declarative page-level medium-grained authorization
- Wicket and Fortress for access controls over button and link enablement
- Fortress ARBAC for fine-grained declarative controls over entity access (User, Role, Permission,etc,...) along with their allowed operations (add, udate, delete, search)
- Fortress audit trail tracks user actions
- Fortress audit trail of entity change history (before/after)
Our mission is to make high performance security solutions available to every business
We were formed in 2009 by a team of software developers with decades of experience. We see an increasing reliance on network solutions; an enormous and rapid development and a widespread reliance on these vulnerable systems. But we have not seen a corresponding development in our ability to protect them.
All of JoshuaTree's source code is released under the OpenLDAP Public License.