The Symas Blog
A message from our President regarding Red Hat and SuSE removing OpenLDAP from their Linux Distributions
A few weeks ago, one of our strategic partners—a large European government and defense contractor—requested a call to discuss a big concern: the OpenLDAP server was slated to be removed from upcoming releases of Red Hat’s Enterprise Linux distributions.
read moreNew Release: Symas OpenLDAP 2.4.45-4
Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the new Production release of Symas OpenLDAP, Gold 2.4.45-4. Current customers, please visit the Downloads page to download Symas OpenLDAP Gold...
read morePreventing Remote Code Execution Exploits in Java
We all know there’s not a foolproof way to secure computing systems. But there are steps that can mitigate the risk of exposure once the inevitable breach occurs.
read moreNew Release: Symas OpenLDAP 2.4.45-2
Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the new Production release of Symas OpenLDAP, Gold 2.4.45-2. Current customers, please visit the Downloads page to download Symas OpenLDAP Gold...
read moreNew Release: Symas OpenLDAP 2.4.45-1 Available
Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the new Production release of Symas OpenLDAP, Gold 2.4.45-1. Current customers, please visit https://downloads.symas.com to download Symas OpenLDAP...
read moreApacheCon 2017: Symas Teams with Evolveum on Identity Governance Talk at ApacheCon
How to Govern and Maintain Compliance Using Open Source Identity Management Components - Katarina Valalikova, Evolveum & Shawn McKinney, Symas Corporation As platform usages continue to expand, so too will the number of identities, which corresponds with a need to...
read moreMusing on the Future of Computing
Symas has set the pace in the database world with LMDB. The efficiency gains from LMDB's Single Level Store approach make LMDB's performance unmatched by any other technology. LMDB's approach is also ideally positioned to leverage future developments in memory and...
read moreSymas OpenLDAP 2.4.44-5 Available
Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the newest Production release of Symas OpenLDAP. For the first time, Symas OpenLDAP 2.4.44-5 is available for Debian 8 and Ubuntu 16. This release...
read moreNo case studies on ABAC?
Don't get me wrong, everyone needs at least RBAC, but it has limitations and doesn't work well with instance data in the authorization expression. This perceived need leads me to look for case studies describing large-scale deployments of ABAC. For example I'd like to...
read moreWe Can Stop Looking For That Panacea Now
It seems every year there's a new protocol for handling security. I was first sucked down into this black hole in the '90's. Few standards back then. Now, so many years and protocols have passed... https auth, x.509 auth, CSIv2, spnego, liberty, saml, ws-*, xacml,...
read moreAhem, it’s called Role-Based Access Control
Of late, on a quest, to educate the info sec community, the definition of RBAC. Not the first time. A couple years back, this role-infused rant: Using Roles for Access Control is Not Role-Based Access Control And before that this: An Introduction to Role-Based...
read moreApache Fortress Role Engineering Tutorial
The goals of this tutorial are to Gain understanding of the Role Based Access Control (RBAC) standard Learn the repeatable steps of the Role Engineering Process Learn about using the Apache Fortress RBAC engine To get started, follow the instructions in the...
read moreApache Fortress End-to-End Security Tutorial
The tutorial provides a how-to guide for applying end-to-end security enforcement across a sample Java Web environment using Java EE, Spring and Apache Fortress security. Requirements covered include authentication, authorization and confidentiality. Both declarative...
read moreApache Fortress SAML Demo
Overview The aim of this tutorial is to connect Apache Fortress with Spring Security SAML and a common Identity Provider – SSO Circle.com. It’s not intended to highlight all of the possible locations in code where security checks may be applied. For that take a look...
read moreIntroducing a Security Access Control Engine Inside OpenLDAP
Security Access Control Engine - How & Why The OpenLDAP Accelerator is a Policy Decision Point that resides inside the slapd process. This presentation - "Introducing a Security Access Control Engine" - explains how it works and why it's important. We’ll explore...
read moreUnderstanding LMDB Database File Sizes and Memory Utilization
The Lightning Memory-mapped Database (LMDB) is designed around the virtual memory facilities found in modern operating systems, Multi-version Concurrency Control (MVCC), and Single-Level Store (SLS) concepts. This design is quite different than those of more traditional databases and, in operation, it can mimic behaviors that system administrators have been trained to recognize as signs of trouble. With LMDB, though, the behaviors are normal, but nonetheless this leads to the following questions:
read moreApacheDS & Fortress QUICKSTART
As engineers, we are often encouraged to use the right tool for the job. Maybe that is because we tend to grow too attached to the familiar. When we’ve got a hammer, everything looks like a nail.
read moreApache Fortress 1.0-RC42 Released
Announced just this week: Apache Fortress 1.0-RC42 released. What, is this some kind of joke? Why would a project go thru 42 iterations of release candidates just for a 1.0 designation? No joke here unless you find our efforts to create a simple, useful and robust access management solution funny. Before that 1.0 label gets used, we’re going to make sure it’s deserving.
read moreOpenLDAP & Fortress QUICKSTART
Fortress and OpenLDAP go together like peanut butter and jelly. Either is good, but taken together, their flavors blend into something different, and perhaps better.
read moreWhy Bugs are Good
Goes against the grain of conventional wisdom. The nastier, the better. How can this be? Let me state the ways.
read moreDROWN Vulnerability with Remediation
Network traffic encrypted using an RSA-based SSL certificate may be decrypted if enough SSLv2 handshake data can be collected. Exploitation of this vulnerability—referred to as DROWN in public reporting—may allow a remote attacker to obtain the private key of a server supporting SSLv2.
read moreThe Sad State of C Strings
Character strings are an essential component of any programming language, but C Strings were a bit unusual in not defining an explicit string type. The C standard specifies some standard library functions for operating on C strings, which gives them a de-facto type and standard methods, but the standard library functions were horrible when first invented in the 1970s, and nothing sane has replaced them yet. In honor of the Chinese Lunar New Year, and the 30th anniversary of this rant, I delve once more into these problems.
read moreAnticipating the Future With LMDB
As we've noted before, LMDB was designed to be a data storage solution for both today and especially for tomorrow, not to keep warming over yesterday's problems today. That's why our focus from the beginning was on Solid State storage. While still considered too risky...
read morePerformance Tradeoffs in LMDB
Yes, LMDB is fast, blindingly fast. Can we make it faster still? Yes.
read more