Friday Aug 01, 2008

If anyone is looking for a good open source project to which to contribute, I highly recommend the OpenDS directory server project. In fact, I've got a couple ideas myself on ways to expand this project.

Haven't really promoted the OpenDS very much on my blog. Shame on me since LDAP, Directory and Identity Management is one of the things I enjoy working on.

The 1.0.0 release is stable and available for download as of July 10, 2008.

I really like some of the things OpenDS brings to the table and find the QuickSetup amazing.

Some of the things I think that OpenDS could do with a little work:

  • a DHCP server
  • a Kerberos KDC server
  • a YP / NIS Master
  • a DNS server

There are several reasons for consolidating all these naming services functions into the OpenDS architecture.

  1. same data even though it's presented through multiple protocols
    (I mean really, how many places do I really wanna store the same IP address?)
  2. protocols are well defined just like LDAP
    (so it's a matter of adding a plug-in and listener, not completely re-inventing the wheel)

  3. frankly the Sun DHCP server and java-based admin console stink on ice
    (ISC's is way better IMHO)
  4. these things need updated anyways to support IPv6
    (see #3 above)

So if anyone, including computer science students or campus ambassadors, is looking for a good open source project and an idea or two about what to do, look no further. :)

Wednesday Mar 05, 2008

A small one... but one none-the-less.

Microsoft's directory team forced to reconsider ignored standards.

Interesting article in Network Article. Wow

I am almost speechless. Almost. ;)

It's about darned time people. Now that the static friction has been overcome let's get over the document format issues in the Office product too... please?

Wednesday Feb 20, 2008

In the most recent (2/2008) edition of the EduConnection online newsletter, there's an article written by yours truly. It's titled "Top 3 Issues in Higher Education Identity Management" and serves up the high-level, uber-strategic top 3 issues. There are going to be those people that disagree and that's fine, because as long as we're talking about the issue of Identity Management it's not being sidelined or ignored.

However, if I look at most of the Education customers I deal with, very few have implemented a formal and well defined (nay, even published) Identity Governance model. Simply put, many IT groups want to fly under the radar and not actively seek input from higher up. This results in significant quantities of tactical things happening around Identity Management but little if any governance.

If you've got an identity project underway, ask yourself a couple questions, "What's the governance model?" and "Where can I find it on the web?" If anyone directly involved in the project can't at least point to the version on the web, there's a problem.

One university I worked with took several years to develop a password policy for two reasons:

  1. They wouldn't look elsewhere for examples of what's already being done and use them as a starting point.
  2. They didn't have a governance model to make the final decision in the end.

As things become more complex around Identity Management, governance (or lack thereof) will become a bigger and more noticeable issue. So begin establishing a governance model (and publishing it) today.

Sunday Feb 17, 2008

Episode 2 of FAMTalk, the Federated Access Manager Podcast, is now available for download.
This month's episode is presented by Pat Patterson (http://blogs.sun.com/superpat) who presents a primer on Federation, a little bit of history of the protocols, SAML 2.0, OpenID, and finally wraps up with information on Concordia.

Yes, this is the "January" episode and the calendar really does say "February" and we apologize for being late. Pat had a few technical audio problems with his microphone... which was on its last legs and then gave out entirely. He had to re-record sections with poor audio and splice the audio back together in post-production. Fortunately, since it's a podcast, we can fix things in post-production. ;-)

Questions, Comments, Suggestions & Feedback: Unlike the monthly Collaboration Calls, where participants can ask questions during the call, we can't take "live" questions on a podcast. We've created an email address to which you can submit questions, comments, feedback, or suggestions. At the start of each episode we'll spend time addressing your questions. You can also send us suggestions or questions about topics you'd like us to cover in future episodes. The email address is:


Format: The episodes are available in two formats, full AAC (a.k.a. MPEG4) as well as MP3 format.

The full AAC/MPEG4 version includes all slides and graphics we discuss during the call and also contains embedded chapter markers which means you can use the 'next track' / 'previous track' controls on your iPod or MP3 player to advance or back up graphics and slides will display during the playback.

For those players which don't support AAC/MPEG4, we're also making an MP3 format available, which should play on any device. Unfortunately MP3 format doesn't support embedded graphics or chapter markers in the playback.
Though not all episodes will require graphics or slides, we will be making these available for all episodes which use them. Usually this will be available in PDF format.


Where is all this content?: The podcast website is located at


No authentication, registration, or passwords are needed. The content is available to anyone. You can browse the list of episodes and download episodes from the website in either AAC/MPEG4 or MP3 formats and can also download any additional content (such as PDF files with the slides and graphics we use to illustrate our topics). The page also includes a subscription link for RSS readers and iTunes.

To subscribe via iTunes, use the following link:



This will take you directly to the FAMTalk page in the iTunes Music Store where you can "subscribe" to the podcast. If you're not familiar with using iTunes to "Subscribe" to podcasts, subscribing means iTunes will monitor the podcast feed and automatically download new episodes as they become available. There's no fee involved... all podcasts available in the iTunes Music Store are free.
If you use a Podcast feed subscriber program other than iTunes, you can use the following URL to subscribe to the MPEG4 version of the feed:



Or, if you prefer the MP3 version (no embedded graphics or chapter markers):



Coming in Episode 3: Terry Sigle (http://blos.sun.com/tls) will talk about applying FAM technology to real-world use cases.


Participate: We want to hear from you. Please send us your feedback, comments, or questions. At the beginning of each episode, we respond to listener mail. Contact us via email at: feedback@FAMTalk.org

We are able to gauge interest in our monthly collaboration call series via the conference operators who register call attendees as they join the call. Knowing how many people participate on these calls gives us one metric of partner interest. This podcast series doesn't require registration. The iTunes Music Store won't list any podcast in their online directory which requires either a password or registration process in order to access the content. Other than monitoring the downloads, feedback is one of the ways in which we can gauge interest and success. We'd love to hear from you even if you don't have a question.

Wednesday Jan 30, 2008

In a previous post I mentioned EduPerson. I should also give credit to LDAP-Recipe as well which adds more depth to beginning Identity Management (albeit through using LDAP). It includes some of the how's and why's of using EduPerson. Don't be fooled by the date (year 2000), it's as applicable today as it was then.

A little bit more up-to-date reference is the Getting Started page for NMI-Edit. It's also more comprehensive, providing case studies, project planning, identifiers, authentication and authorization too.

http://www.nmi-edit.org/started/index.cfm

Tuesday Jan 29, 2008

One of the things that has been done within the Healthcare industry around Sun's Java Composite Applications Platform (JCAPs), formerly known as SeeBeyond, is something called Single Patient View. That is, the ability to tie together and retrieve one particular patient's data across multiple disparate authoritative systems (e.g. radiology and lab).

State and Local Government, as well as national Governments, often face this same challenge: multiple disparate authoritative systems (e.g. drivers licenses and property tax system). Imagine walking into a Government office and them knowing for a change that you've actually paid all those traffic tickets and therefore they can give you a license plate! ;)

Sun has just launched a 10 minute NetTalk webinar on Single Citizen View for Government. It is the featured webcast at http://nettalk.sun.com/.

Watch and enjoy!

Monday Jan 28, 2008

It still amazes me that Higher Education customers I call on do not know about EduPerson.

I think it's one of the fundamental best things related to directory provisioning that I've seen. I even use it with non-edu customers as an example.

http://middleware.internet2.edu/dir/

Have we focused so much on the really technical challenges that we've lost sight of the fundamentals? Time to get back to basics?

Thursday Jan 10, 2008

It's almost time for CAMP again!

No not summer camp... EDUCAUSE CAMP in Tempe, AZ.

This year's theme is "Bridging Security and Identity Management" and looks to be a good one as usual.

Monday Jan 07, 2008

Right before the Christmas Holiday I received an email from a colleague of mine, Tim Campbell. Tim works in Sun's Software Practice specifically around Partner Enablement. A large part of Partner Enablement is transferring information and keeping partners up-to-date on things. To this end, Tim's group has created a new feature called "FAMTalk". The good news is that it's open to anyone, not just partners. Chalk up another win for transparency here at Sun!


Kudos Tim!


I'm quoting Tim's email below with his permission.




You're probably already aware of the various monthly collaboration calls available for the partner community, but you may have noticed there's no collaboration call for Access Manager and Federation Manager.


Since these are both part of OpenSSO, we decided to make the content even more broadly available by including the OpenSSO community, which really means it's open to anyone on the Internet! A monthly collaboration call probably wouldn't work as well, so we've decided to provide this content in 'Podcast' format instead.


The podcast is named FAMTalk - the Federated Access Manager Podcast.


We've got quite a bit of content lined up already. The first few episodes will begin with foundational content and later episodes will build upon that foundation to cover more advanced topics over time. The first episode is already available (as well as a short 10 minute 'Introduction' podcast), with more to come. Similar to the monthly collaboration calls, the FAMTalk podcast will also have monthly episodes. Hosts Terry Sigle, Pat Patterson, Steven Jarosz, and Tim Campbell (me) will alternate hosting these episodes.


Questions, Comments, Suggestions & Feedback: Unlike the monthly Collaboration Calls, where participants can ask questions during the call, we can't take "live" questions on a podcast. We've created an email address to which you can submit questions, comments, feedback, or suggestions. At the start of each episode we'll spend time addressing your questions. You can also send us suggestions or questions about topics you'd like us to cover in future episodes. The email address is:


feedback@FAMTalk.org


Format: The episodes are available in two formats, full AAC (a.k.a. MPEG4) as well as MP3 format. The full AAC/MPEG4 version includes all slides and graphics we discuss during the call and also contains embedded chapter markers which means you can use the 'next track' / 'previous track' controls on your iPod or MP3 player to advance or back up graphics and slides will display during the playback. Though this does work even on the tiny screen of the iPod nano (you don't need to own an iPod capable of playing video movies to see the graphics), you might want to view some of these slides on something with a bigger screen -- such as your computer.


For those players which don't support AAC/MPEG4, we're also making an MP3 format available, which should play on any device. Unfortunately MP3 format doesn't support embedded graphics or chapter markers in the playback.


Though not all episodes will require graphics or slides, we will be making these available for all episodes which use them. Usually this will be available in PDF format.


Where is all this content?: The podcast website is located at


http://www.FAMTalk.org


No authentication, registration, or passwords are needed. The content is available to anyone. You can browse the list of episodes and download episodes from the website in either AAC/MPEG4 or MP3 formats and can also download any additional content (such as PDF files with the slides and graphics we use to illustrate our topics). The page also includes a subscription link for RSS readers and iTunes.


To subscribe via iTunes, use the following link:


http://phobos.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=270422627


This will take you directly to the FAMTalk page in the iTunes Music Store where you can "subscribe" to the podcast. If you're not familiar with using iTunes to "Subscribe" to podcasts, subscribing means iTunes will monitor the podcast feed and automatically download new episodes as they become available. There's no fee involved... all podcasts available in the iTunes Music Store are free.


Episode 1: The first episode is already available. In this episode I provide an introduction to Access Manager. It covers a little bit of everything but is geared for those who are new to Access Manager. Since this is a foundational episode, no prior Access Manager experience is required.


Coming in Episode 2: Pat Patterson will provide an introduction to federation technology and Federation Manager. Expect this episode to release in late January.


Participate: We want to hear from you. Please send your questions about episode 1, or questions about federation topics (for episode 2) because at the beginning of each episode, we respond to listener mail. Contact us via email at: feedback@FAMTalk.org


We are able to gauge interest in our monthly collaboration call series via the conference operators who register call attendees as they join the call. Knowing how many people participate on these calls gives us one metric of partner interest. This podcast series doesn't require registration. The iTunes Music Store won't list any podcast in their online directory which requires either a password or registration process in order to access the content. Other than monitoring the downloads, feedback is one of the ways in which we can gauge interest and success. We'd love to hear from you even if you don't have a question.


Sincerely,

Tim Campbell

Americas Software Practice - Partner Technical Enablement

Sun Microsystems, Inc.


This blog copyright 2009 by Dave Pickens