CodemonkeyOct 29, 2023
Javax to Jakarta Tales from the Crypt
Community over Code
Monday, October 9, 2023
Halifax Convention Center
Announced almost six years ago by Oracle, the Javax to Jakarta migration has created a logjam down in the projects. Many of us have been stuck on old versions of the JVM and containers until all of our software providers release using Jakarta. This talk will provide an overview of the issues involved in the migration along with a case study of the Apache Fortress efforts in getting to a Jakarta compatible release.
Toward an Attribute-Based Role-Based Access Control System
Community over Code
Monday, October 9, 2023
Halifax Convention Center
Abstract
We’ve all heard the complaint, Role-Based Access Control (RBAC) doesn’t work. It leads to Role Explosion, defined as an inordinate number of roles in a production environment. Nobody knows who is assigned to what, because there are hundreds, if not thousands of roles to keep track of.
We could try Attribute-Based Access Control (ABAC), but that leads to a whole different set of problems, including non-standard implementations, complexity and lack of integrity. What’s a system implementer to do?
There’s a way of having both together, capturing the strengths of each while limiting their shortcomings. This talk discusses standards-based RBAC and how it can be enhanced to eliminate long entrenched problems by sprinkling attributes into the mix. At the same time we’ll look at an open source implementation, Apache Fortress, that illustrates the techniques discussed in the talk using an LDAP data model.
Sample Apps