DACS DACS - The Distributed Access Control System

Distributed Access Control System (DACS)
Version Guide

Version 1.4.50

Distributed Systems Software

Feature List

This table summarizes the major features available in the latest release of DACS and features being considered for future releases. The DACS 1.4 releases focus on stability by adding only new features and enhancements that minimize version compatibility issues, improving documentation, and fixing bugs and design flaws. Improving the documentation with each successive release is a high priority.

Help us to make DACS better!
Your input is very important. If any of the planned features listed below - or other features - are of particular interest to you, please tell us and we will do what we can to implement them more quickly. In the table below, features designated as Partial are not yet fully implemented, and those designated as planned are more-or-less listed in decreasing order of priority.

Feature Included Planned
Single sign-on X  
Unix password authentication X  
Private password authentication X  
Windows NTLM authentication X  
X.509 certificate authentication X  
LDAP (including Microsoft ADS) authentication X  
Interoperation with Apache authentication modules
(RFC 2617 Basic and Digest Access Authentication)
Support for multiple concurrent identities X  
Support for RFC 2109 and RFC 2965 cookie specifications X  
Support for RFC 1867/RFC 2388 form upload, multipart/form-data, and MIME X  
Remote and command-line access to configuration information X  
Configurable event logging, access audit trail, weak password detection X  
User acknowledged, resource-associated notices (such as copyright, licensing, terms-of-use, and message-of-the-day notices) X  
Command line interface to access control (authorization) testing X  
Affiliated DACS federations (single sign-on across federations) X  
Integrated support for HTTP authentication
(RFC 2617 Basic and Digest Access Authentication)
Command line interface to authentication checking X  
CAS authentication X  
Support for authentication using software-based, challenge-response method one-time passwords X  
Support for token-based one-time passwords (HOTP, TOTP)
(OATH, HOTP/RFC 4226, Google Authenticator)
Generic HTTP-based authentication (e.g., for Google accounts) X  
Authentication using Pluggable Authentication Modules (PAM) X  
Stateless (cookie-less) operation X  
Secure, shareable links X  
Improved performance via cached access control decisions X  
Authentication using Information Cards (CardSpace) (deprecated)  
Inactivity timeout X  
Display/obtain recent account activity X  
Support for macOS 10.X X  
Support for SQLite X  
HMAC with all strong crypto digests X  
Support for PBKDF2, HKDF, and scrypt key derivation funcs X  
Support for SHA-3 X  
Support for Blake2b crypto hash At 1.4.38  
Support for Argon2 memory-hard password hash function At 1.4.38  
Support for JSON formatted messages Partial  
Browser-based administration console Partial  
Improved administration and reporting of user session tracking Partial  
Java application support via JNI Partial  
Support for OAuth consumer/client (used by Google/YouTube/Blogger, Netflix, Etsy, delicious, Facebook, MySpace, LinkedIn, Twitter, Yahoo!, and many more, but be sure to see OAuth 2.0 and the Road to Hell) Partial  
Apache 2.4 support X  
Apache 2.2 support (deprecated)  
Support for RADIUS authentication (RFC 2865) X  
Support for compression libraries Partial  
Support for WebAuthn   X
Support Yubikey 4   X
Support for forward proxying authorization   X
Improved DACS account self-administration, enrollment, and provisioning   X
Authentication using one-time, out-of-band passwords (sent via email, SMS text messaging, etc.)   X
Emergency sign on via "vouching"   X
Web-based spam/DoS/abuse resistance framework   X
Privileged identity management (e.g., joint authorization)   X
User-level mutual authentication capabilities   X
Support for risk-based and/or layered authentication   X
Improved support for multi-factor authentication   X
Native support for authentication through OpenID   X
Support for OAuth provider/server   X
Support for Amazon S3 Authentication   X
Strong mutual authentication via asymmetric key exchange (prob. SRP, modulo IPR concerns)   X
Integration with JAAS   X

There is also a very long wish list that includes minor enhancements, interesting ideas, and major new capabilities. We are continually improving and extending the DACS programming language.

Release Milestones

As of DACS 1.4.26, Solaris/OpenSolaris is not an officially supported platform.

DACS 1.4.25 improved support for one-time passwords (such as time-based tokens, token provisioning, and additional OTP token vendors), added simplified user-selectable authentication control, fixed and improved PAM-based authentication, and added support for SQLite. For a detailed list of changes for previous releases, please refer to the download page.

A demonstration of counter-based and time-based one-time password authentication is available. Users of token-based authentication devices should be aware of recently discovered weaknesses.

InfoCard/CardSpace Support

Versions 1.4.23 and 1.4.23a introduced comprehensive support for both self-issued and managed Information Cards [0, 1, 2, 3]. Among other important features, InfoCards facilitate phishing-resistant, password-less sign on. DACS provides components to create managed InfoCards and allow web sites and other server-based applications to use self-issued and managed InfoCards for authentication (including single sign-on) and other applications.

In early 2011, Microsoft announced that it would not support CardSpace (aka, Infocards and Information Cards) starting with Windows 8. CardSpace has been the most widely available identity selector for using Information Cards. The implementation of Infocards support within DACS remains in the code base and is documented, but is no longer being actively tested and maintained (neither are the demos). Support for Information Cards within DACS will likely be removed.

List of Releases

Here is the latest release schedule, with historical entries:

DACS Release Actual or Target
Release Date
dacs-1.4.51 Expected before July, 2024
(contact us for the latest status)
dacs-1.4.50 Released 22-Jul-2023
dacs-1.4.49 Released 8-Feb-2023
dacs-1.4.48 Released 20-Jul-2022
dacs-1.4.47 Released 11-Jan-2022
dacs-1.4.46 Released 8-Jun-2021
dacs-1.4.45 Released 20-Jan-2021
dacs-1.4.44 Released 28-May-2020
dacs-1.4.43 Released 20-Sep-2019
dacs-1.4.42 Released 29-Jan-2019
dacs-1.4.41 Released 12-Sep-2018
dacs-1.4.40 Released 1-Feb-2018
dacs-1.4.39 Released 26-May-2017
dacs-1.4.38a Released 23-Nov-2016
dacs-1.4.38 Released 21-Oct-2016
dacs-1.4.37 Released 18-May-2016
dacs-1.4.36 Released 29-Dec-2015
dacs-1.4.35 Released 26-Aug-2015
dacs-1.4.34 Released 24-Jul-2015
dacs-1.4.33 Released 4-Mar-2015
dacs-1.4.32 Released 6-Jan-2015
dacs-1.4.31 Released 15-Sep-2014
dacs-1.4.30 Released 7-Jul-2014
dacs-1.4.29 Released 30-Oct-2013
dacs-1.4.28b Released 1-Mar-2013
dacs-1.4.28a Released 29-Jan-2013
dacs-1.4.28 Released 23-Oct-2012
dacs-1.4.27b Released 19-Mar-2012
dacs-1.4.27 Released 16-Jan-2012
dacs-1.4.26 Released 30-Sep-2011
dacs-1.4.25 Released 23-Jun-2010
dacs-1.4.24 Released 7-Jan-2010
dacs-1.4.23a Released 16-Oct-2009
dacs-1.4.23 Released 14-Sep-2009
dacs-1.4.22 Released 13-Jan-2009
dacs-1.4.21 Released 31-Mar-2008
dacs-1.4.20 Released 15-Aug-2007
dacs-1.4.19 Released  2-Jul-2007
dacs-1.4.18 Released  4-Apr-2007
dacs-1.4.17 Released  8-Feb-2007
dacs-1.4.16 Released  4-Dec-2006
dacs-1.4.15 Released  3-Oct-2006
dacs-1.4.14 Released  1-Aug-2006
dacs-1.4.13a Released  2-Jun-2006
dacs-1.4.13 Released  1-Jun-2006
dacs-1.4.12 Released  1-May-2006
dacs-1.4.11 Released  9-Mar-2006
dacs-1.4.10 Released 26-Jan-2006
dacs-1.4.9 Released 21-Dec-2005
dacs-1.4.8 Released 18-Nov-2005
dacs-1.4.7 Released 20-Oct-2005
dacs-1.4.6 Released 20-Sep-2005
dacs-1.4.5 Released 17-Aug-2005
dacs-1.4.4 Released 22-Jun-2005
dacs-1.4.3 Released 27-May-2005
dacs-1.4.2 Released 14-Apr-2005
dacs-1.4.1 Released 16-Mar-2005
dacs-1.4.0 Released 14-Feb-2005

Release names that end in a letter are usually unscheduled versions that address a small number of urgent problems.

The following interim releases are associated with special projects and were not made publicly available: dacs-1.4.22[a-j], dacs-1.4.23b, dacs-1.4.27a

Please contact us if you have any questions about these releases or planned features.
Your suggestions for features and their relative priorities are welcome.

$Id: $