.

The Symas Blog

Adding Contextual Information to the RBAC Decision

We don’t have to throw the baby out with the bathwater. RBAC has many good aspects that we’d like to preserve. It’s standards-based, meaning various implementations should interoperate. It works, and is already in place, pretty much everywhere. But we’d like to be able to sprinkle in a bit of context, allowing us to fix the role explosion problem, without breaking its interoperability, or bringing in another implementation, with yet another protocol.

read more

How-To Guide: Two-Factor Authentication

Passwords, everyone loves to hate them and still, in the era of digital certificates, fingerprints, and voice recognition, we use them on a daily basis and want users to memorize tens of different complex passwords. So they cheat and passwords get reused, written down on a piece of paper, you name it. Not that service providers always get this right either.

read more

3 Turn Productions applauds service from Symas

In 2013 the president of Three Turn Productions, Judy Tyrer, reached out to the Symas Corporation for database help as she was preparing to launch her virtual roleplaying game, called Ever, Jane. The support she received then, and now, has been unrivaled. Click to learn how Symas helped her company.

read more

Howard Chu Shares What to Expect with OpenLDAP 2.5

Howard Chu is the Chief Technology Officer at Symas, the Chief Architect of the OpenLDAP Project,  and an overall amazingly entertaining fiddle player (Google it.) This spring Howard spoke at FLOSS UK about the upcoming release of OpenLDAP 2.5. Tom Yates compiled a nice article summarizing these highlights. Click to read.

read more

New Release: Symas OpenLDAP 2.4.45-4

Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the new Production release of Symas OpenLDAP, Gold 2.4.45-4. Current customers, please visit the Downloads page to download Symas OpenLDAP Gold...

read more

New Release: Symas OpenLDAP 2.4.45-2

Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the new Production release of Symas OpenLDAP, Gold 2.4.45-2. Current customers, please visit the Downloads page to download Symas OpenLDAP Gold...

read more

New Release: Symas OpenLDAP 2.4.45-1 Available

Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the new Production release of Symas OpenLDAP, Gold 2.4.45-1. Current customers, please visit https://downloads.symas.com to download Symas OpenLDAP...

read more

Musing on the Future of Computing

Symas has set the pace in the database world with LMDB. The efficiency gains from LMDB's Single Level Store approach make LMDB's performance unmatched by any other technology. LMDB's approach is also ideally positioned to leverage future developments in memory and...

read more

Symas OpenLDAP 2.4.44-5 Available

Symas is continuously striving to provide our customers with excellent products. This on-going pursuit leads us to offer the newest Production release of Symas OpenLDAP. For the first time, Symas OpenLDAP 2.4.44-5  is available for Debian 8 and Ubuntu 16. This release...

read more

No case studies on ABAC?

Don't get me wrong, everyone needs at least RBAC, but it has limitations and doesn't work well with instance data in the authorization expression. This perceived need leads me to look for case studies describing large-scale deployments of ABAC. For example I'd like to...

read more

We Can Stop Looking For That Panacea Now

It seems every year there's a new protocol for handling security.  I was first sucked down into this black hole in the '90's.  Few standards back then.  Now, so many years and protocols have passed... https auth, x.509 auth, CSIv2, spnego, liberty, saml, ws-*, xacml,...

read more

Ahem, it’s called Role-Based Access Control

Of late, on a quest, to educate the info sec community, the definition of RBAC.  Not the first time.  A couple years back, this role-infused rant: Using Roles for Access Control is Not Role-Based Access Control And before that this: An Introduction to Role-Based...

read more

Apache Fortress Role Engineering Tutorial

The goals of this tutorial are to Gain understanding of the Role Based Access Control (RBAC) standard Learn the repeatable steps of the Role Engineering Process Learn about using the Apache Fortress RBAC engine To get started, follow the instructions in the...

read more

Apache Fortress End-to-End Security Tutorial

The tutorial provides a how-to guide for applying end-to-end security enforcement across a sample Java Web environment using Java EE, Spring and Apache Fortress security. Requirements covered include authentication, authorization and confidentiality. Both declarative...

read more