|
|
DACS is a light-weight single sign-on and role-based access control system for web servers and server-based software. It is also an authentication and authorization toolkit for programmers. DACS makes secure resource sharing and remote access via the web easier, safer, and more efficient.
DACS is particularly well suited to providing single sign-on across organizational or departmental web servers, and to limiting access to their web-based resources.
Released under an open source license, DACS gives you:
| Get information: | Get DACS: | Get started: | Get more: |
|---|---|---|---|
| Consult the Executive overview, What is DACS?, and Resources pages. For additional detail, see About DACS, Features, Versions, FAQ, and technical documentation for the latest release. | Download DACS from SourceForge. | Try the tutorial and review the growing collection of tips and examples. | A wide range of commercial technical support options are available to help you to deploy, configure, evaluate, customize, and administer DACS. |
DACS works with virtually any authentication method and unifies an assortment of accounts into a single identity. You can leverage the user accounts and authentication methods that you already use, or introduce new ones easily. Out of the box, DACS lets users authenticate using: DACS username/password, X.509 client certificate, self-issued or managed Information Card, one-time password, Unix account, Apache password files, Windows NTLM, ADS/LDAP, CAS, HTTP, PAM, Basic or Digest Auth, special URLs, two-factor authentication, expressions, and more.
DACS extends the security capabilities of your Apache server for controlling access to your web resources, whether you have just one web server, several real or virtual web servers at one site, or many web servers spread across the Internet. It does not matter what the web resources are: web pages, files, or applications. DACS ensures that only authorized requests are carried out by a web server.
For applications, it does not matter what they do, who wrote them, or what language they are written in - DACS is invisible to them and they do not need to be modified in any way. Audit trails help you to track accesses to your web site. By operating in a proxying mode, an Apache web server can supply single sign-on and access control functionality for other web servers, Apache or non-Apache.
Apart from single sign-on and other federated capabilities, DACS can be used to quickly solve a variety of common problems, freeing you to focus on other things. You can easily create your own short links, permalinks, and smart links using DACS. Its Rlink feature lets administrators create special access controlled links that can simplify DACS administration and foster sharing and collaboration.
Once a user has signed on through DACS, he will be recognized throughout a federation of web servers.
While it shares many of the advantages of other single sign-on systems, DACS offers some unique features and is more efficient, and simpler to understand, customize, and administer compared to the heavy-weight, enterprise-level alternatives. If your single sign-on needs are modest, or if you are not even certain what they are, you should look at DACS. DACS does the hardest parts for you - all that you need to do is configuration and "look & feel" customizations.
Why reinvent the wheel? Creating security software demands specialized expertise. It is challenging to develop and keep current. Besides offering a complete single sign-on solution, DACS includes a toolbox of components from which other single sign-on systems and web site features can be built. It supplies authorization checking capabilities and user authentication functionality that developers need to get their applications working quickly, whether web-based or not. Many kinds of server-based applications can benefit from DACS tools. Its rule processing engine can be employed in a wide variety of applications, not only to provide fine-grained authorization testing. Configuration is flexible and programmable.
| For script and application developers: | For middleware and web services developers: | ||
|---|---|---|---|
| Authorization testing can be performed from the command line, allowing scripts (Perl, PHP, shell, etc.) to make data-driven access control decisions rather than code-driven ones. Authentication functionality is also available from the command line; programs can easily reuse existing user accounts, authentication methods, and user management tools. | Authentication and authorization testing can be done through simple, REST-based web service calls, the DACS Java library, or a C/C++ API. |
DSS is pleased to announce the release of DACS 1.4.27 on 16-Jan-2012. It is a minor bug fix release. Download links and additional information are here.
A Debian GNU/Linux distribution of DACS is now available. It is managed by Christoph Berg (myon@debian.org) and DSS neither prepares nor maintains it.
As of DACS 1.4.26, Solaris/OpenSolaris is no longer an officially supported platform (see DACS Support).
DACS 1.4.25 is the previous release. It improves support for one-time passwords (such as time-based tokens, token provisioning, and additional OTP token vendors), adds a new, simplified user-selectable authentication control, fixes and improves PAM-based authentication, supports SQLite, adds some minor features, and upgrades to recent releases of third-party supporting software. A more detailed list of changes has been posted.
A demonstration of counter-based and time-based one-time password authentication is available.
Versions 1.4.23 and 1.4.23a introduced comprehensive support for both self-issued and managed Information Cards [0, 1, 2, 3]. Among other important features, InfoCards facilitate phishing-resistant, password-less sign on. DACS provides components to create managed InfoCards and allow web sites and other server-based applications to use self-issued and managed InfoCards for authentication (including single sign-on) and other applications. For background information, please see Using InfoCards With DACS. Demonstrations of self-issued and managed InfoCards are available.
Information about releases is available here.
You can use Google to search this site, including the FAQ and technical documentation.