when you find the need to go beyond documentation.. IDentity EnAbled Services

Saturday Nov 29, 2008

This series of videos consists of screen captures of the course below. There is no sound for now; audio will be added at a later date.


From http://slslabs.sun.com/course/wspl-am-3508-d
Deploying OpenSSO servers in a simple environment is trivially easy. But throw secure sockets layer (SSL), load balancers, multiple servers, session failover, and Policy Agents into the mix, and deployment becomes a little more complex.


The OpenSSO Deployment course - a series of five downloadable, self-paced labs - takes you through a complex OpenSSO deployment. You deploy two Apache Tomcat servers, SSL-enable them, install a software load balancer, install OpenSSO into the environment, and configure OpenSSO for session failover. Then you install an example web server and an example application server, and install Policy Agent software to see how OpenSSO protects web sites and Java 2 Platform, Enterprise Edition (J2EE) applications.


This course uses OpenSSO Build 4.5, which provides identical functionality to OpenSSO Express Build 5. Other deployment components include Apache Tomcat version 6.0.14, Sun Java System Web Server version 7.0, and GlassFish application server version 2.



OpenSSO Complex Deployment Lab 1 Exercise 1



OpenSSO Complex Deployment Lab 1 Exercise 2



OpenSSO Complex Deployment Lab 1 Exercise 3



Friday Nov 14, 2008

With this announcement: http://www.sun.com/aboutsun/pr/2008-11/sunflash.20081114.1.xml - we take yet another step towards "change".

Do I see any change? Yes, of course I do, and here's what I see.

As part of today's actions, Sun's Board of Directors has approved a restructuring plan aimed at reducing costs by approximately $700 to $800 million annually. The plan includes a reduction of approximately 5,000 to 6,000 employees, representing approximately 15% to 18% of the Company's global workforce.

"reducing costs by approximately $700 to $800 million annually"

Sun expects to incur total charges in the range of $500 to $600 million over the next twelve months in connection with the plan, of which it expects to incur approximately $375 to $450 million within its current fiscal year 2009.

"Sun expects to incur total charges in the range of $500 to $600 million over the next twelve months"

- So... am I reading this right? Or have I missed something? Sometimes all of us see what we want to see and tend to ignore the bigger picture. Like every other human being, I'm trying to see the bigger picture myself; yet my blindfolds compel me to see what I want to see. I guess it's time to take those blindfolds off and see the "bigger" picture:


Sun's new software alignments include the formation of two new business groups and a new group within Sun's existing Systems business:

Application Platform Software: Executive Vice President, Anil Gadre, will move from his position as Chief Marketing Officer to lead this newly formed group. Charged with creating the highest value modern software business in the industry, the unit will build on Sun's open source leadership position to capitalize on the global market's demand for open application platforms for everything from databases to business integration services on servers, desktops and handheld devices. This includes the entirety of Sun's Java technology franchise, MySQL open source database products, as well as Software Infrastructure including the widely adopted GlassFish Application Server and leading Identity management products. This group will also include the Sun Learning Services organization.
Systems Platforms: Under the leadership of Executive Vice President, John Fowler, Sun's Solaris, Virtualization (including xVM and VirtualBox), and Systems Management Software teams join the Systems organization to deliver highly differentiated and optimized computing, storage and networking systems. Unlike any other technology provider on earth, Sun will be uniquely positioned to leverage its open OS leadership and virtualization portfolio to create durable competitive advantage for Sun's systems business, and category-shifting innovations for customers. The recently announced 7000-series of Open Storage products, leveraging open source ZFS technology, DTrace analytics, superior management capability, and unique storage engineering are only the beginning of this deep systems roadmap.
Cloud Computing & Developer Platforms: Working across all of Sun, Senior Vice President, Dave Douglas, will lead the Company's efforts to capitalize on two trends: the increasing shift of customer and developer focus to web-based cloud services and Sun's already established leadership position in the space through Network.com, the NetBeans developer platform, and the StarOffice portfolio. The unit will build upon Sun's existing online developer community - one of the world's largest - to firmly establish the company as a leader in cloud computing and grow this area into a significant driver of future revenues.

Wednesday Oct 29, 2008

WS-Federation adopts SAML 2.0 metadata with the release of WS-Federation 1.2. OpenSSO currently uses WS-Fed 1.1 metadata, which is now deprecated. Expect an OpenSSO release soon that adopts WS-Fed 1.2.

http://identity-des.com/2008/10/28/harmonized-federation-metadata-for-ws-federation-and-saml

Thursday Oct 16, 2008

“Secure web application development has become imperative due to the new PCI-DSS mandate. Companies who choose to adopt the form of training offered by SCIPP will benefit from a trustworthy yet cost-effective security awareness program.”

~Howard A. Schmidt, former CISO for Microsoft and ebay, SCIPP Advisory Board Member


A free webinar on "Security Awareness Requirement for Web Application Developers"


WHEN: Wednesday, October 22, 2008

TIME: 1:30pm - 2:00pm EST


TOPIC: "PCI-DSS ALERT: Complying with the NEW Mandatory Security Awareness Requirement for Web Application Developers"


PRESENTER: Dow Williamson, CISSP, Executive Director.


CHANNEL: IT Certification and Training


Webinar: http://www.brighttalk.com/webcasts/1220/attend



How Important is Security?

Estimates Put T.J. Maxx Security Fiasco At $4.5 Billion

The security breach at TJX Companies Inc. could cost the company $100 per lost record, or a total of $4.5 billion, according to the calculations of a database security company.

NY Bank ‘loses’ 4.5M unencrypted customer records
In yet another unbelievable story of data irresponsibility, the Bank of New York (BNY) Mellon lost two sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes "included shareowner and plan participant account information, such as name, mailing address, social security number, and transaction activity."

Save the date: attend the webinar on the 10th of October 2008 @ 1:30 PM EST.

Monday Oct 13, 2008

Nick Wooler, the product line manager for the directory services team, has posted a screencast on installing OpenDS in under 3 minutes! This screencast is a must watch.




Watch the simplicity of the entire installation process. It's simply awesome. The entire install, including pre-populating OpenDS with 2000 simulated/sample entries, was done in under 3 minutes in 5 extremely simple steps (it takes longer to boil an egg).

User Experience DOES matter.


... and if you liked the soundtrack used in the screencast, it's "Light & Day / Reach for the Sun" by The Polyphonic Spree; feel free to download it from iTunes (thanks Shazam). And for pine-apples... here's the YouTube full-length video (which is also under 3 minutes):

Sunday Oct 12, 2008

Web applications need access control; I'm not going to justify that fact. Every web application lets you restrict access to the resources that reside on it simply by modifying the deployment descriptor (web.xml). This method is called declarative security or declarative access control. But does this really suffice?


Well, say hello to XACML. XACML stands for eXtensible Access Control Markup Language.

It is a declarative access control policy language implemented in XML, together with a processing model that describes how to interpret the policies.

If you had followed what Daniel Raskin said long ago about supporting XACML, well, here it is: OpenSSO now has XACML support.
Support for XACML allows our customers to share access control policies across corporate boundaries and offers more dynamic, standards-based tools for creating federated mashups. As a result, our customers can continue to expand their business reach while using open standards to enforce security decisions and minimize security risk.

The OpenSSO codebase also includes an XACML client sample that you can download, compile and run in a few clicks.


Please note: this is NOT sunxacml. sunxacml is an implementation of the XACML 2.0 specification from Sun Labs; it does not support the SAML 2.0 profile of XACML 2.0 and is not part of OpenSSO.


OpenSSO XACML implements the SAML 2.0 Profile of XACML 2.0, supporting XACMLAuthzDecisionQuery and XACMLAuthzDecisionStatement. The PEP makes an XACML 2.0/SAML 2.0/SOAP request to the PDP and gets a response. The OpenSSO XACML client sample is a remote client library that an application can use to make XACML calls to the PDP.


The returned XACMLAuthzDecisionStatement carries the XACML Response, Result, Decision and so forth. The OpenSSO XACML implementation leverages the SAML 2.0 capability of OpenSSO to manage the SAML2 metadata of the PDP and PEP and to exchange SAML messages.
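To make the exchange above concrete, here is an added example (not code from the original post or from the OpenSSO client sample) of what the PEP side does in the SAML 2.0 profile of XACML 2.0: it builds an XACMLAuthzDecisionQuery wrapping an XACML Request, then extracts the Decision from the XACMLAuthzDecisionStatement in the PDP's Response. The namespace URIs are assumed to be those of the OASIS specifications, and the PDP answer is a constructed sample, not a message captured from OpenSSO. The point a practitioner should take from it is in is_permitted: anything other than an explicit Permit (Deny, NotApplicable, Indeterminate, or a malformed message) is treated as a denial.

```python
import xml.etree.ElementTree as ET

# Namespace URIs of SAML 2.0, XACML 2.0 and the SAML 2.0 profile of XACML 2.0
# (assumed from the OASIS specs; verify against the profile your PDP implements).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xacml-samlp": "urn:oasis:xacml:2.0:saml:protocol:schema:os",
    "xacml-saml": "urn:oasis:xacml:2.0:saml:assertion:schema:os",
    "xacml-context": "urn:oasis:names:tc:xacml:2.0:context:schema:os",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Standard XACML attribute identifiers for the three request categories.
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"


def tag(prefix, local):
    """Clark-notation tag name ({uri}local) for ElementTree."""
    return "{%s}%s" % (NS[prefix], local)


def build_authz_query(subject, resource, action, query_id, issue_instant, issuer):
    """PEP side: build the XACMLAuthzDecisionQuery carrying an XACML Request."""
    query = ET.Element(tag("xacml-samlp", "XACMLAuthzDecisionQuery"), {
        "ID": query_id, "Version": "2.0", "IssueInstant": issue_instant,
        "InputContextOnly": "false", "ReturnContext": "true"})
    ET.SubElement(query, tag("saml", "Issuer")).text = issuer
    req = ET.SubElement(query, tag("xacml-context", "Request"))
    for category, attr_id, value in (("Subject", SUBJECT_ID, subject),
                                     ("Resource", RESOURCE_ID, resource),
                                     ("Action", ACTION_ID, action)):
        holder = ET.SubElement(req, tag("xacml-context", category))
        attr = ET.SubElement(holder, tag("xacml-context", "Attribute"),
                             {"AttributeId": attr_id, "DataType": XS_STRING})
        ET.SubElement(attr, tag("xacml-context", "AttributeValue")).text = value
    ET.SubElement(req, tag("xacml-context", "Environment"))  # required, may be empty
    return ET.tostring(query, encoding="unicode")


def decision_from_response(xml_text):
    """PEP side: pull the Decision out of the PDP's samlp:Response.
    Raises ValueError if there is no XACMLAuthzDecisionStatement or no Decision."""
    root = ET.fromstring(xml_text)
    stmt = root.find(".//xacml-saml:XACMLAuthzDecisionStatement", NS)
    if stmt is None:
        raise ValueError("response carries no XACMLAuthzDecisionStatement")
    decision = stmt.find("xacml-context:Response/xacml-context:Result/"
                         "xacml-context:Decision", NS)
    if decision is None or not decision.text:
        raise ValueError("XACML Result has no Decision")
    return decision.text.strip()


def is_permitted(xml_text):
    """Fail closed: only an explicit Permit grants access. Deny, NotApplicable,
    Indeterminate and unparsable responses all deny."""
    try:
        return decision_from_response(xml_text) == "Permit"
    except (ValueError, ET.ParseError):
        return False


def sample_pdp_response(decision):
    """Constructed stand-in for a PDP answer (not captured from OpenSSO)."""
    return (
        '<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
        'xmlns:xacml-saml="%(xacml-saml)s" xmlns:xacml-context="%(xacml-context)s" '
        'ID="resp-1" Version="2.0" IssueInstant="2008-10-12T00:00:00Z">'
        '<samlp:Status><samlp:StatusCode '
        'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        '<saml:Assertion ID="a-1" Version="2.0" IssueInstant="2008-10-12T00:00:00Z">'
        '<saml:Issuer>pdp.example.com</saml:Issuer>'
        '<xacml-saml:XACMLAuthzDecisionStatement><xacml-context:Response>'
        '<xacml-context:Result ResourceId="http://app.example.com/banking">'
        '<xacml-context:Decision>%(decision)s</xacml-context:Decision>'
        '<xacml-context:Status><xacml-context:StatusCode '
        'Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></xacml-context:Status>'
        '</xacml-context:Result></xacml-context:Response>'
        '</xacml-saml:XACMLAuthzDecisionStatement></saml:Assertion></samlp:Response>'
    ) % dict(NS, decision=decision)


if __name__ == "__main__":
    print(build_authz_query("rpinto", "http://app.example.com/banking", "GET",
                            "q-1", "2008-10-12T00:00:00Z", "pep.example.com"))
    for d in ("Permit", "Deny", "NotApplicable", "Indeterminate"):
        print(d, "->", is_permitted(sample_pdp_response(d)))
```

In a real deployment the query is carried in a SOAP body and the Response is signed by the PDP; signature verification and a check that the Assertion's Issuer matches the PDP's SAML2 metadata belong before the Decision is trusted.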


Here's a simple 5 step guide to running the XACML client and testing it with OpenSSO.

  • get OpenSSO.zip, extract it, and find opensso-client.zip under the samples directory

  • extract opensso-client.zip and go to the "sdk" subdirectory

  • follow the README file to set up the samples

  • follow the instructions in scripts/run-xacml-client-sample.sh to set up XACML

I hope this post has been helpful. Cheers, and enjoy building applications that use XACML! Interoperability rocks!

Well, a lot of folks often ask me if I have fun @ Sun. Well, there are TONS of reasons why I love this place, and one small reason is the fun! Our execs don't stop at just making Sun a fun place to work; in addition to the fun@sun perks, they go all out! Here's a video about Jonathan Schwartz getting "pwned"!




We sure know how to have fun @ Sun! And we LOVE IT!


~ if you love what you do, everything is fun!

Here's a video about MySQL NDB Cluster presented during a Google Tech Talk. The presenter is Stewart Smith, who works for MySQL AB as a software engineer on MySQL Cluster. He is an active member of the free and open source software community, especially in Australia.


ABSTRACT

Part 1 - Introduction to MySQL Cluster

The NDB storage engine (MySQL Cluster) is a high-availability storage engine for MySQL. It provides synchronous replication between storage nodes and many mysql servers having a consistent view of the database. In 4.1 and 5.0 it's a main memory database, but in 5.1 non-indexed attributes can be stored on disk. NDB also provides a lot of determinism in system resource usage. I'll talk a bit about that.


Saturday Oct 11, 2008

Explore how Sun can help you manage, audit, protect, share, and store identity data.

Click here to watch the webcast

OpenSSO has an "extended" set of web services (REST) interfaces that make it a piece of cake for applications to interface with OpenSSO. The following table lists the REST URLs with their operations and parameters:



The following code snippet shows how you can authenticate against OpenSSO using the REST interface and obtain an OpenSSO token for a user.



<%
// REST authentication against OpenSSO: POST the user name and password,
// then read the "token.id=<value>" line from the response.
// This URL sends the credentials in cleartext; use https in a real deployment.
String url = "http://localhost:8080/opensso/identity/authenticate";
String username = "rpinto";
String password = "testpass";
String token = null;
java.net.URL iurl = new java.net.URL(url);
// setRequestMethod() is defined on HttpURLConnection, not on URLConnection.
java.net.HttpURLConnection connection = (java.net.HttpURLConnection) iurl.openConnection();
connection.setRequestMethod("POST");
connection.setDoOutput(true); // required before a request body can be written
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// Send the form-encoded credentials as the POST body.
String content = "username=" + java.net.URLEncoder.encode(username, "UTF-8") +
    "&password=" + java.net.URLEncoder.encode(password, "UTF-8");
java.io.OutputStream body = connection.getOutputStream();
body.write(content.getBytes("UTF-8"));
body.flush();
body.close();
// OpenSSO answers a failed login with HTTP 401, which makes getInputStream() throw.
java.io.BufferedReader reader = new java.io.BufferedReader(
    new java.io.InputStreamReader(connection.getInputStream(), "UTF-8"));
out.println("<h2>Successful Authentication using REST</h2>");
String line;
while ((line = reader.readLine()) != null) {
    out.println(line + "<br>");
    // The response is a "token.id=<value>" line; keep everything after the '='.
    if (line.startsWith("token.id=")) {
        token = line.substring("token.id=".length());
    }
}
reader.close();
%>

This code opens an HTTP URL connection and performs a POST with the user name and password, then displays the response in the browser.


The request on the wire reads as follows:


POST /opensso/authenticate HTTP/1.1
Host: localhost
User-Agent: Mozilla/4.0
Content-Length: 27
Content-Type: application/x-www-form-urlencoded

username=rpinto&password=testpass

And the response would be—



token.id=AQIC5wM2LY4SfcykUxffyyVGC6k9vHhe7JcyrhHbmlpVZPI=@AAJTSQACMDE=#f
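The same exchange, both sides, as an added example that is not part of the original post and not OpenSSO's own code: a small stand-in HTTP server plays the OpenSSO authenticate endpoint (its user table and token value are constructed, and it binds only to a loopback port), and a client posts the form-encoded credentials and parses the token.id line. Two details matter for a practitioner: the client refuses to send credentials over plain http unless explicitly told it is talking to a local test server, and the token is recovered by splitting the response line on its first "=" rather than at a fixed offset, which also keeps the "=" characters that appear inside the token itself.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH_PATH = "/opensso/identity/authenticate"
# Constructed credential table and token; neither comes from a real OpenSSO.
VALID_USERS = {"rpinto": "testpass"}
FAKE_TOKEN = "AQIC5w-CONSTRUCTED-TOKEN-VALUE="


class FakeOpenSSOHandler(BaseHTTPRequestHandler):
    """Stand-in for the OpenSSO authenticate endpoint: a form-encoded POST is
    answered with a 'token.id=<value>' line on success and HTTP 401 otherwise."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode("utf-8"))
        user = form.get("username", [""])[0]
        password = form.get("password", [""])[0]
        if self.path == AUTH_PATH and VALID_USERS.get(user) == password:
            self._reply(200, "token.id=%s\n" % FAKE_TOKEN)
        else:
            self._reply(401, "exception.message=Authentication Failed!!\n")

    def _reply(self, status, text):
        data = text.encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # silence per-request logging
        pass


def parse_token(text):
    """Return the token.id value from a 'key=value' response body, or None.
    Splitting on the first '=' keeps any '=' inside the token and does not
    depend on a fixed substring offset."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "token.id":
            return value.strip()
    return None


def authenticate(base_url, username, password, allow_plain_http=False):
    """POST the credentials to OpenSSO's REST authenticate URL; return the
    token.id string, or None when the login is rejected with HTTP 401."""
    if urllib.parse.urlsplit(base_url).scheme != "https" and not allow_plain_http:
        raise ValueError("credentials would travel in cleartext; use https")
    # urlencode() correctly escapes '&', '=' and '%' inside a password.
    body = urllib.parse.urlencode({"username": username, "password": password})
    req = urllib.request.Request(
        base_url + AUTH_PATH, data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return parse_token(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code == 401:
            return None
        raise


def start_fake_server():
    """Bind the stand-in on an ephemeral loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeOpenSSOHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def demo():
    """One good and one bad login against the stand-in; returns (token, None)."""
    server, base_url = start_fake_server()
    try:
        good = authenticate(base_url, "rpinto", "testpass", allow_plain_http=True)
        bad = authenticate(base_url, "rpinto", "p&ss=word", allow_plain_http=True)
        return good, bad
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The wrong password in demo() contains "&" and "=" on purpose: it shows that proper form encoding stops those characters from breaking the request into extra parameters, which the hand-built string in the JSP above relies on URLEncoder to do as well.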