when you find the need to go beyond documentation.. IDentity EnAbled Services

Wednesday Oct 29, 2008

WS-Federation is adopting SAML 2.0 metadata when it releases WS-Federation 1.2. OpenSSO uses WS-Fed 1.1 metadata, which is now deprecated. Expect to see an OpenSSO release soon that adopts WS-Fed 1.2.

http://identity-des.com/2008/10/28/harmonized-federation-metadata-for-ws-federation-and-saml

Thursday Oct 16, 2008

“Secure web application development has become imperative due to the new PCI-DSS mandate. Companies who choose to adopt the form of training offered by SCIPP will benefit from a trustworthy yet cost-effective security awareness program.”

~Howard A. Schmidt, former CISO for Microsoft and ebay, SCIPP Advisory Board Member


A free webinar on "Security Awareness Requirement for Web Application Developers"


WHEN: Wednesday, October 22, 2008

TIME: 1:30pm - 2:00pm EST


TOPIC: "PCI-DSS ALERT: Complying with the NEW Mandatory Security Awareness Requirement for Web Application Developers"


PRESENTER: Dow Williamson, CISSP, Executive Director.


CHANNEL: IT Certification and Training


Webinar: http://www.brighttalk.com/webcasts/1220/attend



How Important is Security?

Estimates Put T.J. Maxx Security Fiasco At $4.5 Billion

The security breach at TJX Companies Inc. could cost the company $100 per lost record, or a total of $4.5 billion, according to the calculations of a database security company.

NY Bank ‘loses’ 4.5M unencrypted customer records
In yet another unbelievable story of data irresponsibility, the Bank of New York (BNY) Mellon lost two sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes "included shareowner and plan participant account information, such as name, mailing address, social security number, and transaction activity."

Save the date: attend the webinar on the 10th of October 2008 at 1:30 PM EST.

Monday Oct 13, 2008

Nick Wooler, the product line manager for the directory services team, has posted a screencast on installing OpenDS in under 3 minutes! This screencast is a must-watch.




Watch the simplicity of the entire installation process. It's simply awesome. The entire install, including pre-populating OpenDS with 2000 simulated/sample entries, was done in under 3 minutes in 5 extremely simple steps (it takes longer to boil an egg).

User Experience DOES matter.


... and if you liked the soundtrack used in the screencast, it's "Light & Day / Reach for the Sun" by The Polyphonic Spree; feel free to download it from iTunes (thanks, Shazam). And for pine-apples... here's the YouTube full-length video (which is also under 3 minutes):

Sunday Oct 12, 2008

Web applications need access control; I'm not gonna justify that fact. Any web application can restrict access to the resources it hosts simply by modifying its deployment descriptor (web.xml). This method is called declarative security, or declarative access control. But does this really suffice?


Well, say hello to XACML. XACML stands for eXtensible Access Control Markup Language.

It is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies.

If you followed what Daniel Raskins said a long time ago about supporting XACML, well, here it is: OpenSSO now has XACML support.
Support for XACML allows our customers to share access control policies across corporate boundaries and offers more dynamic, standards-based tools for creating federated mashups. As a result, our customers can continue to expand their business reach while using open standards to enforce security decisions and minimize security risk.

The OpenSSO codebase also has an XACML client sample which you can download, compile and run in a few clicks.


Please Note: This is NOT sunxacml. sunxacml is an implementation of the XACML 2.0 specification from Sun Labs. It does not support the SAML 2.0 profile of XACML 2.0 and is not part of OpenSSO.


OpenSSO XACML implements the SAML 2.0 Profile of XACML 2.0, supporting XACMLAuthzDecisionQuery and XACMLAuthzDecisionStatement. The PEP makes an XACML 2.0/SAML 2.0/SOAP request to the PDP and gets a response. The OpenSSO XACML client sample is a remote client library that an application can use to make XACML calls to the PDP.


The returned XACMLAuthzDecisionStatement has XACML Response, Result, Decision and so forth. The OpenSSO XACML implementation leverages SAML2.0 capability of OpenSSO to manage SAML2 metadata of PDP and PEP and exchange SAML messages.


Here's a simple 5 step guide to running the XACML client and testing it with OpenSSO.

  • get OpenSSO.zip, extract it and get opensso-client.zip under the samples directory

  • extract opensso-client.zip, and go to the "sdk" subdirectory

  • follow the README file to set up the samples

  • follow the instructions in scripts/run-xacml-client-sample.sh to set up XACML.
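To make the exchange described above concrete, here is an added example (not the OpenSSO client library or sample code) of what a PEP does on each side of the call: it wraps an xacml-context:Request in an XACMLAuthzDecisionQuery inside a SOAP envelope, and it pulls the Decision out of the XACMLAuthzDecisionStatement the PDP returns. The namespace URIs, the sample PDP response, and the host names (pep.example.com, pdp.example.com) are assumptions for this example; the response parser fails closed, so a parse error, a non-Success SAML status, a missing statement, or any decision other than Permit is treated as denied.

```python
"""PEP-side helpers for the SAML 2.0 Profile of XACML 2.0.
Added example; not OpenSSO code. Namespaces and sample data are assumed."""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Namespace URIs from SOAP 1.1, SAML 2.0 and the SAML 2.0 Profile of XACML 2.0
# (assumed here; confirm against the messages the OpenSSO sample actually emits).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xacml-samlp": "urn:oasis:xacml:2.0:saml:protocol:schema:os",
    "xacml-saml": "urn:oasis:xacml:2.0:saml:assertion:schema:os",
    "xacml-context": "urn:oasis:names:tc:xacml:2.0:context:schema:os",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

SAML_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"


def q(prefix, tag):
    """Clark-notation element name for ElementTree."""
    return "{%s}%s" % (NS[prefix], tag)


def build_query(subject_id, resource_id, action_id, issuer):
    """PEP side: SOAP envelope carrying an XACMLAuthzDecisionQuery whose
    xacml-context:Request names one subject, one resource and one action."""
    env = ET.Element(q("soap", "Envelope"))
    body = ET.SubElement(env, q("soap", "Body"))
    query = ET.SubElement(body, q("xacml-samlp", "XACMLAuthzDecisionQuery"), {
        "ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "InputContextOnly": "true", "ReturnContext": "false"})
    ET.SubElement(query, q("saml", "Issuer")).text = issuer
    req = ET.SubElement(query, q("xacml-context", "Request"))
    for section, attr_id, value in (
        ("Subject", "urn:oasis:names:tc:xacml:1.0:subject:subject-id", subject_id),
        ("Resource", "urn:oasis:names:tc:xacml:1.0:resource:resource-id", resource_id),
        ("Action", "urn:oasis:names:tc:xacml:1.0:action:action-id", action_id),
    ):
        sec = ET.SubElement(req, q("xacml-context", section))
        attr = ET.SubElement(sec, q("xacml-context", "Attribute"),
                             {"AttributeId": attr_id, "DataType": XS_STRING})
        ET.SubElement(attr, q("xacml-context", "AttributeValue")).text = value
    ET.SubElement(req, q("xacml-context", "Environment"))  # required, may be empty
    return ET.tostring(env, encoding="unicode")


def query_attribute(query_xml, section):
    """Read back the attribute value in one section (Subject/Resource/Action)
    of a query built above, to check what actually goes on the wire."""
    root = ET.fromstring(query_xml)
    node = root.find("/".join([
        q("soap", "Body"), q("xacml-samlp", "XACMLAuthzDecisionQuery"),
        q("xacml-context", "Request"), q("xacml-context", section),
        q("xacml-context", "Attribute"), q("xacml-context", "AttributeValue")]))
    return None if node is None else node.text


def evaluate_response(soap_xml):
    """PEP side: return (allowed, reason). Only an explicit Permit inside a
    SAML Response with Success status grants access; everything else fails closed."""
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError:
        return False, "parse-error"
    resp = root.find("/".join([q("soap", "Body"), q("samlp", "Response")]))
    if resp is None:
        return False, "no-saml-response"
    status = resp.find("/".join([q("samlp", "Status"), q("samlp", "StatusCode")]))
    if status is None or status.get("Value") != SAML_SUCCESS:
        return False, "saml-status-not-success"
    decision = resp.find("/".join([
        q("saml", "Assertion"), q("xacml-saml", "XACMLAuthzDecisionStatement"),
        q("xacml-context", "Response"), q("xacml-context", "Result"),
        q("xacml-context", "Decision")]))
    if decision is None:
        return False, "no-decision"
    text = (decision.text or "").strip()
    return text == "Permit", text  # Deny/NotApplicable/Indeterminate -> not allowed


# Constructed PDP reply (not captured from OpenSSO) for an offline run.
SAMPLE_RESPONSE = """
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>
 <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0"
     IssueInstant="2008-10-12T00:00:00Z">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0"
      IssueInstant="2008-10-12T00:00:00Z">
   <saml:Issuer>pdp.example.com</saml:Issuer>
   <xs:XACMLAuthzDecisionStatement xmlns:xs="urn:oasis:xacml:2.0:saml:assertion:schema:os">
    <xc:Response xmlns:xc="urn:oasis:names:tc:xacml:2.0:context:schema:os">
     <xc:Result ResourceId="http://www.example.com/reports/q3">
      <xc:Decision>Permit</xc:Decision>
      <xc:Status><xc:StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></xc:Status>
     </xc:Result>
    </xc:Response>
   </xs:XACMLAuthzDecisionStatement>
  </saml:Assertion>
 </samlp:Response>
</soap:Body></soap:Envelope>"""

if __name__ == "__main__":
    print(build_query("rpinto", "http://www.example.com/reports/q3", "GET", "pep.example.com"))
    print(evaluate_response(SAMPLE_RESPONSE))
```

The fail-closed branch is the part worth copying: a PEP that only distinguishes "Permit" from "Deny" will grant access on an Indeterminate result or on a SAML-level error if it is not careful, and the point of moving policy to a PDP is lost if the enforcement point is lenient about malformed answers.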

I hope this post has been helpful. Cheers, and enjoy building applications that use XACML! Interoperability rocks!

Well, a lot of folks often ask me if I have fun @ Sun. Well, there are TONS of reasons why I love this place, and one small reason is the fun! Our execs don't stop at just making Sun a fun place to work; in addition to the fun@sun perks, they go all out! Here's a video about Jonathan Schwartz getting "pwned"!




We sure know how to have fun @ sun !!!! and we LOVE IT !!!


~if you love what you do, everything is fun !

Here's a video about MySQL ndbcluster presented during a Google Tech Talk. The presenter is Stewart Smith, who works for MySQL AB as a software engineer on MySQL Cluster. He is an active member of the free and open source software community, especially in Australia.


ABSTRACT
Part 1 - Introduction to MySQL Cluster
The NDB storage engine (MySQL Cluster) is a high-availability storage engine for MySQL. It provides synchronous replication between storage nodes and many mysql servers having a consistent view of the database. In 4.1 and 5.0 it's a main memory database, but in 5.1 non-indexed attributes can be stored on disk. NDB also provides a lot of determinism in system resource usage. I'll talk a bit about that.


Saturday Oct 11, 2008

Explore how Sun can help you manage, audit, protect, share, and store identity data.

Click here to watch the webcast

OpenSSO has an "extended" set of web service (REST) interfaces that makes interfacing applications with OpenSSO a piece of cake. The following table lists the REST URLs and their operations and parameters:



The following code snippet shows how you can authenticate against OpenSSO using the REST interface and obtain an OpenSSO token for a user.



<%
// REST authentication endpoint of the local OpenSSO instance
String url = "http://localhost:8080/opensso/identity/authenticate";
String username = "rpinto";
String password = "testpass";
String token = null;
java.net.URL iurl = new java.net.URL(url);
// setRequestMethod() is defined on HttpURLConnection, so cast the connection
java.net.HttpURLConnection connection = (java.net.HttpURLConnection) iurl.openConnection();
connection.setRequestMethod("POST");
connection.setDoOutput(true); // required before a request body can be written
connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
// Send the form-encoded credentials as the POST body.
String content = "username=" + java.net.URLEncoder.encode(username, "UTF-8") +
    "&password=" + java.net.URLEncoder.encode(password, "UTF-8");
java.io.DataOutputStream printout = new java.io.DataOutputStream(connection.getOutputStream());
printout.writeBytes(content);
printout.flush();
printout.close();
// Read the response; a successful login returns a line of the form "token.id=<value>".
java.io.BufferedReader reader = new java.io.BufferedReader(
    new java.io.InputStreamReader(connection.getInputStream()));
out.println("<h2>Successful Authentication using REST</h2>");
String line;
while ((line = reader.readLine()) != null) {
    out.println(line + "<br>");
    if (line.startsWith("token.id=")) {
        token = line.substring("token.id=".length());
    }
}
reader.close();
%>

This code opens an HTTP URL connection and performs a POST operation with the user name and password before displaying the response in the browser.


The request on the wire reads as follows:


POST /opensso/authenticate HTTP/1.1
Host: localhost
User-Agent: Mozilla/4.0
Content-Length: 27
Content-Type: application/x-www-form-urlencoded

username=rpinto&password=testpass

And the response would be:



token.id=AQIC5wM2LY4SfcykUxffyyVGC6k9vHhe7JcyrhHbmlpVZPI=@AAJTSQACMDE=#f
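The same exchange as a small stand-alone client, added here as an example rather than taken from OpenSSO: it form-encodes the credentials, POSTs them to the identity/authenticate endpoint, and extracts the value after the "token.id=" prefix instead of slicing a fixed number of characters off the first line that happens to contain "token". The HTTP opener is injectable, so the block runs offline against a constructed stub that imitates an OpenSSO server; the base URL, the users and the stub token values are all constructed for this example.

```python
"""OpenSSO REST authentication client. Added example; not OpenSSO's client code.
The stub server, user names and token values below are constructed."""
import io
from urllib.error import HTTPError
from urllib.parse import parse_qs, urlencode
from urllib.request import Request, urlopen

TOKEN_PREFIX = "token.id="


def parse_token(body):
    """Return the token value from a 'token.id=<value>' line, or None.
    Matching on the prefix tolerates leading whitespace and extra lines;
    the token itself may contain '=' and '#', so nothing after the prefix is split."""
    for line in body.splitlines():
        line = line.strip()
        if line.startswith(TOKEN_PREFIX):
            return line[len(TOKEN_PREFIX):] or None
    return None


def authenticate(base_url, username, password, opener=urlopen):
    """POST the credentials to <base_url>/identity/authenticate and return the
    token.id, or None if authentication fails. `opener` defaults to urlopen and
    is replaced by stub_opener below for the offline run."""
    body = urlencode({"username": username, "password": password}).encode("ascii")
    req = Request(base_url.rstrip("/") + "/identity/authenticate", data=body,
                  headers={"Content-Type": "application/x-www-form-urlencoded"},
                  method="POST")
    try:
        with opener(req) as resp:
            if resp.status != 200:
                return None
            text = resp.read().decode("utf-8", "replace")
    except HTTPError:  # a rejected login arrives as a non-2xx status
        return None
    return parse_token(text)


# ---- constructed offline stand-in for an OpenSSO server -------------------
STUB_USERS = {"rpinto": "testpass", "alice": "p&ss=w rd"}  # constructed credentials


class _StubResponse(io.BytesIO):
    """Just enough of http.client.HTTPResponse for authenticate() above."""
    def __init__(self, status, payload):
        super().__init__(payload)
        self.status = status


def stub_opener(req):
    """Accept the request only for the right path, method, content type and a
    matching constructed credential pair; otherwise answer 401 like a real server."""
    form = parse_qs(req.data.decode("ascii"))
    user = form.get("username", [None])[0]
    ok = (req.full_url.endswith("/identity/authenticate")
          and req.get_method() == "POST"
          and req.get_header("Content-type") == "application/x-www-form-urlencoded"
          and user in STUB_USERS
          and form.get("password", [None])[0] == STUB_USERS[user])
    if ok:
        return _StubResponse(200, ("token.id=STUB-TOKEN-%s\n" % user).encode("ascii"))
    raise HTTPError(req.full_url, 401, "Unauthorized", {}, None)


if __name__ == "__main__":
    base = "http://localhost:8080/opensso"  # constructed; matches the JSP above
    print(authenticate(base, "rpinto", "testpass", opener=stub_opener))
    print(authenticate(base, "rpinto", "wrong", opener=stub_opener))
```

The "alice" credential exists to show why urlencode matters: a password containing "&", "=" or a space is carried intact, which the original snippet's charset-less URLEncoder.encode call does not guarantee. Note that the token is a bearer credential for the user's session, so in a real deployment the endpoint is called over HTTPS and the token is never written into a page the way the sample does with out.println.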