Apache Fortress

Apache Fortress is a standards-based Role-Based Access Control (RBAC) system written in Java. It provides a comprehensive framework for managing authentication, authorization, and administrative security policies using LDAP as its backend. Fortress supports ANSI INCITS 359 RBAC and ARBAC standards, making it suitable for enterprise-grade identity and access management solutions. It integrates with ApacheDS, OpenLDAP, and Java web applications, offering APIs, REST services, and web interfaces for policy enforcement and review.

Features

• ANSI INCITS 359 compliant RBAC and ARBAC support
• Java APIs for authentication, authorization, administration, and auditing
• LDAPv3 compatibility with ApacheDS and OpenLDAP
• RESTful services for remote access to security functions
• Web-based UI for policy administration and review
• Password policy management and enforcement
• Role hierarchies, constraints, and separation of duties
• SSL/TLS, X.509 mutual authentication, and SSO support
• Auditing via OpenLDAP slapd access log overlay
• Integration with Jakarta EE and Apache Tomcat

Capabilities

• Centralized access control using LDAP directory services
• Delegated administration through ARBAC02 model
• Fine-grained role activation and deactivation
• Support for custom password policies and enforcement
• Real-time auditing and historical change tracking
• Modular architecture for embedding in Java applications
• REST and Web interfaces for cross-platform integration
• Compatible with open system hardware and software platforms

Benefits

• Standards-based security model ensures compliance and interoperability
• Reduces complexity of access control management
• Enhances security through role constraints and separation of duties
• Enables delegated administration for scalable policy governance
• Improves visibility with detailed audit trails and reporting
• Flexible deployment options for cloud, on-premise, or hybrid environments
• Open-source and free under the Apache License 2.0