Projects tagged ‘policy’

FreeIPA is an integrated solution which combines the following technologies: * 389 Directory Server * MIT Kerberos * NTP * DNS * Web and command-line provisioning and administration tools

PolicyKit is a framework for defining policy for system-wide components and for desktop pieces to configure it. It is used by HAL.

pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd(1). In addition to checking regular passwords, it offers support for passphrases ... [More] and can provide randomly generated ones. All features are optional and can be (re-)configured without rebuilding. The package additionally includes libpasswdqc (a password/passphrase strength checking library), pwqcheck (a standalone password/passphrase strength checking program), and pwqgen (a standalone random passphrase generator program). [Less]

Zivios is a web based control panel which brings together vital open source technologies and provides identity management, single sign-on, user, group and computer provisioning, as well as remote ... [More] management of services. Zivios offers an easy and extensible API, allowing organizations to extend the core application with additional plug-ins for their in-house or third party software. [Less]

Metascore is the system which will run metagovernment.org and any number of other community governance systems. It is a versionated policy-generation and discussion system combined with a ... [More] recursive scoring system for ranking content and perhaps users. [Less]

A collection of Postfix-related tools, including a SRSD daemon and a policy daemon. "pfix-srsd", our first tool, is a tcptable lookup service for Postfix which performs SRS encoding and decoding. ... [More] The second tool is "postlicyd", a policy daemon for Postfix with a very flexible configuration. It can be used as a replacement for whitelister and postgrey. Postlicyd is able to access R(H)BL databases by DNS or by directly reading rbldns zone files. [Less]

Web Service policy enforcement

TFS Code Review Workflow This project is a combination of a Code Review Work Item and a Code Review Check-in Policy. The check-in policy doesn’t allow a check-in unless it has an associated Code ... [More] Review work item, and that work item is set to approved. Only people in a TFS group named [Project]\Code Reviewers can set an item to approved. Workflow: 1. Dev finishes code and wants it reviewed so they shelve the changeset and create a Code Review work item and mention the name of the shelf set. This is assigned to a general Code Review team. 2. People on the code review team have event subscriptions which sends them an e-mail when a workitem is assigned to the Code Review group. One of them will open the work item, review the shelf set and resolve the item as 'Accepted' or 'Needs changes' which assigns it back to the original dev. 3. Once in an approved state the dev can check-in and associate to the work item which will close it. [Less]

"In the old days we just had 0's,    we had to pound them flat to get 1's..."               -- Rodney Thayer ... [More] , ÜberHaxxor The mobile phone industry is expected to ship something on the order of 935 million phones in 2006, half of which will be so-called "Smart Phones." This number is expected to double in five years. Some of these phones will run Windows Mobile; some will run Symbian. But even if only 1% run some variety of Linux (a la MonteVista) or L4 (a la Qualcomm) that's still something like 20 million linux devices shipping in 2011. That's quite a few Unix based devices running around a wireless network. Handset manufacturers, network operators and some corporate IT departments have fallen down on their responsibility to develop secure products in the past. But Basil II / Solvency II in Europe and Sarbanes-Oxley in the United States have raised awareness of IT security as a cross-cutting concern across an increasingly global business community. The industry is looking for tools and techniques to limit the financial risk of exposure of corporate secrets or loss of assurance over the firm's financial control processes. In other words, corporations on both sides of the Atlantic are being asked by regulatory regimes to prove that their IT resources are resistant to assault from malicious attackers. After being taken on a confusing ride on the "PKI express" in the late 1990's, IT consumers are interested in security again. But this time around they're looking at "global" technology solutions that create a "secure end-to-end experience." In the previous tech-cycle, corporate IT departments gained extensive experience with VPNs, Firewalls, PKIs, SSL, SSH, and basic key management. But the "Dot Com" era ended just as mobile device and web application security solutions were maturing. Now that we find ourselves in something that looks like a recovery, it's time to start focusing on the harder problems of securing mobile applications. Traditional Unix-like operating systems use the concept of the "user" as the basic subject for security policy decisions. An application's ability to access resources such as files and devices is based on the User ID it is running as. This was great for multi-user servers with tens, hundreds or thousands of concurrent users whose files must be protected from accidental (or malicious) access. While user-mediated security enforcement for mobile applications is necessary, it is not sufficient to properly represent security policy for mobile devices; devices that traditionally have a single primary user. The XeroBits project is an attempt to develop a toolkit for mobile device security. It is released under a BSD license with the hope that the more "corporate friendly" terms will encourage it's adoption by handset manufacturers, network operators and enterprise customers. "Yes," you ask, "but what it it?" XeroBits includes primitives that may be used to establish the origin of bits of code. The kernel may then use this information in an access-control decision, mediating access to a file descriptor, network socket, device or even a CDSA-style key repository. XeroBits contains tools and libraries for: * Digitally Signing Executables and shared object libraries * Establishing an "appropriate" level of trust when shared object libraries from different protection domains are dynamically loaded into the same executable image. * Generating and authenticating opaque tokens (think SASL here) that testify as to the inclusion of an executable in a given protection domain. This provides non-kernel processes with the ability to make access control decisions based on a subject's protection domain. * Generating and authenticating opaque tokens based on stack-based attestation (a la NGSCB/Palladium.) This gives kernel and non-kernel processes the ability to make access control decisions based on the call-graph that led to a kernel trap or IPC call.) * Remotely managing device security policy * Protection domain specific and application specific secure out-of-process storage of shared secrets, secret keys and private keys. * "Out of process" encryption, signing, decryption and verification using references to managed keys. * Digital Certificate life-cycle management. This relieves application programmers of the requirement to maintain certificate meta-data. [Less]

Security Policy Assertion Language (SecPAL) provides a flexible and robust declarative authorization language developed for large-scale Grid Computing Environments.