This table summarizes the major features available in the latest release of DACS and features being considered for future releases. The DACS 1.4 releases focus on stability by adding only new features and enhancements that minimize version compatibility issues, improving documentation, and fixing bugs and design flaws. Improving the documentation with each successive release is a high priority.
Help us to make DACS better!
Your input is very important. If any of the planned features listed below - or other features - are of particular interest to you, please tell us and we will do what we can to implement them more quickly. In the table below, features designated as Partial are not yet fully implemented, and those designated as planned are more-or-less listed in decreasing order of priority.
|Unix password authentication||X|
|Private password authentication||X|
|Windows NTLM authentication||X|
|X.509 certificate authentication||X|
|LDAP (including Microsoft ADS) authentication||X|
| Interoperation with Apache authentication modules
(RFC 2617 Basic and Digest Access Authentication)
|Support for multiple concurrent identities||X|
|Support for RFC 2109 and RFC 2965 cookie specifications||X|
|Support for RFC 1867/RFC 2388 form upload, multipart/form-data, and MIME||X|
|Remote and command-line access to configuration information||X|
|Configurable event logging, access audit trail, weak password detection||X|
|User acknowledged, resource-associated notices (such as copyright, licensing, terms-of-use, and message-of-the-day notices)||X|
|Command line interface to access control (authorization) testing||X|
|Affiliated DACS federations (single sign-on across federations)||X|
| Integrated support for HTTP authentication
(RFC 2617 Basic and Digest Access Authentication)
|Command line interface to authentication checking||X|
|Support for authentication using software-based, challenge-response method one-time passwords||X|
| Support for token-based one-time passwords (HOTP, TOTP)
(OATH, HOTP/RFC 4226, Google Authenticator)
|Generic HTTP-based authentication (e.g., for Google accounts)||X|
|Authentication using Pluggable Authentication Modules (PAM)||X|
|Stateless (cookie-less) operation||X|
|Secure, shareable links||X|
|Improved performance via cached access control decisions||X|
|Authentication using Information Cards (CardSpace)||(deprecated)|
|Display/obtain recent account activity||X|
|Support for Mac OS X v10.6 Snow Leopard||X|
|Support for SQLite||X|
|Support for PBKDF2 and scrypt||X|
|Support for SHA-3||X|
|Support for JSON formatted messages||Partial|
|Browser-based administration console||Partial|
|Improved administration and reporting of user session tracking||Partial|
|Java application support via JNI||Partial|
|Support for OAuth consumer/client (used by Google/YouTube/Blogger, Netflix, Etsy, delicious, Facebook, MySpace, LinkedIn, Twitter, Yahoo!, and many more, but be sure to see OAuth 2.0 and the Road to Hell)||Partial|
|Apache 2.4 support||X|
|Support for forward proxying authorization||X|
|Improved DACS account self-administration, enrollment, and provisioning||X|
|Authentication using one-time, out-of-band passwords (sent via email, SMS text messaging, etc.)||X|
|Emergency sign on via "vouching"||X|
|Web-based spam/DoS/abuse resistance framework||X|
|Privileged identity management (e.g., joint authorization)||X|
|User-level mutual authentication capabilities||X|
|Support for risk-based and/or layered authentication||X|
|Improved support for multi-factor authentication||X|
|Native support for authentication through OpenID||X|
|Support for OAuth provider/server||X|
|Support for Amazon S3 Authentication||X|
|Native port to the Windows platform (with Apache)||X|
|Strong mutual authentication via asymmetric key exchange (prob. SRP, modulo IPR concerns)||X|
|Integration with JAAS||X|
There is also a very long wish list that includes minor enhancements, interesting ideas, and major new capabilities. We are continually improving and extending the DACS programming language.
As of DACS 1.4.26, Solaris/OpenSolaris is not an officially supported platform.
DACS 1.4.25 improved support for one-time passwords (such as time-based tokens, token provisioning, and additional OTP token vendors), added simplified user-selectable authentication control, fixed and improved PAM-based authentication, and added support for SQLite. For a detailed list of changes for previous releases, please refer to the download page.
A demonstration of counter-based and time-based one-time password authentication is available. Users of token-based authentication devices should be aware of recently discovered weaknesses.
Versions 1.4.23 and 1.4.23a introduced comprehensive support for both self-issued and managed Information Cards [0, 1, 2, 3]. Among other important features, InfoCards facilitate phishing-resistant, password-less sign on. DACS provides components to create managed InfoCards and allow web sites and other server-based applications to use self-issued and managed InfoCards for authentication (including single sign-on) and other applications.
In early 2011, Microsoft announced that it would not support CardSpace (aka, Infocards and Information Cards) starting with Windows 8. CardSpace has been the most widely available identity selector for using Information Cards. The implementation of Infocards support within DACS remains in the code base and is documented, but is no longer being actively tested and maintained (neither are the demos). Support for Information Cards within DACS will likely be removed.
Here is the latest release schedule, with historical entries:
|DACS Release||Actual or Target
|dacs-1.4.36||Targeted for December, 2015
(contact us for the latest status)
Release names that end in a letter are usually unscheduled versions that address a small number of urgent problems.
The following interim releases are associated with special projects and were not made publicly available: dacs-1.4.22[a-j], dacs-1.4.23b, dacs-1.4.27a
Please contact us
if you have any questions about these releases or planned features.
Your suggestions for features and their relative priorities are welcome.