And it don’t need no stinking badges. Yeah, I’m mixing clichés, happens sometimes when coding long hours in a stretch. 🙂

What I’m talking about is a new access management system, released to PyPI yesterday for the first time.

py-fortress on PyPI

Considering we just started coding a couple of months ago that’s pretty good progress.

What is it? A toolkit designed for Python3, with APIs that developers can use to do security in an RBAC-compliant way. Today, it requires an LDAP server to store the policies, but a file-based backend will soon be ready. No, I’m not recommending files in production, but it’s fine for getting started, within dev envs.

You can check the py-fortress project here:

py-fortress README on GitHub

Inside are links to some documents to help get started. The quickstart doesn’t require cloning the project GIT repo, but you’ll need a Linux machine, Python3, PIP and Docker engine installed. Everything else is covered.

Why would you want it? That’s a long story. It starts with an imperative to follow standards, in security processes, like authentication and authorization. That there’s value in committing to best-practices, in this case ANSI RBAC.

It may help to know that this effort is backed by my employer — Symas.

Eventually, this code may end up inside of an Apache project, like Apache Fortress. Or, it might land somewhere else. It’s too early to know. What’s certain is that it’ll remain open, available to use and learn from.