Superpatterns

The other day, I blogged about Openings in the OpenSSO QA Team, under Indira Thangasamy. Well, this week it's Indira's turn in the spotlight over at the Sun Developer Network Identity pages - talking with Marina Sum about Quality Assurance on OpenSSO. Indira talks about how we are automating QA on OpenSSO and building quality into the software right through the development process. It's a fascinating look at an oft-neglected area of software development, so make yourself a cup of tea, settle down to read it then apply for one of the openings on Indira's team.

Since I encouraged Susan to create a blog, and she actually went ahead and did it, I'm happy to be able to link to her... Susan McLucas is a tech writer looking for work. She has worked for companies ranging from startups to giants like Intel and Cisco - in fact, Cisco acquired the last startup she worked for, so she has experience of the acquisition process too.

As I mentioned in my recommendation on her LinkedIn profile:

I know Susan socially, rather than through her work, but I can attest that she is articulate and professional with a keen eye for detail. If we had any openings in my group here at Sun, I'd definitely hire her.

So, there you go, if you're looking for a tech writer, contact Susan through her LinkedIn profile or leave a comment on her blog. And tell her I sent you

The play 'Final Solutions' (trailer, pictures, more pictures), centers on Hindu-Muslim conflict in India, from partition to the current day. The play is presented by Naatak, a group of Indian theater enthusiasts here in the San Francisco Bay Area. The curtain raiser article in Indian Express gives much more background.

"OK - that's very interesting, Pat, but what has it got to do with OpenSSO, identity, or anything I come here to read?" Well, OpenSSO development manager Ajay Sondhi appears in the play - in fact, you can just catch a glimpse of him at 0:29 in the trailer; Ajay is on the far left, with the yellow mask. If Ajay is involved, it's clearly going to be good, so hop along to the Cubberley Theatre in Palo Alto - the last performance is this Friday, October 17th. Oh yeah, Ajay's daughter, Kriti, has a lead role, but I don't think she's even filed a bug on OpenSSO, let alone committed code, so we're wandering a little too far off topic with that information

• Steve Gillmor Interviews Jonathan Schwartz
  How Sun is in a unique position to help enterprises during the downturn.
  (tags: sun humor gillmor schwartz)
• User Experience Matters--install OpenDS in 5 easy steps
  Nice to see Nick Wooler making his mark on OpenDS already - no messing! We miss you on OpenSSO, Nick!
  (tags: opends nickwooler ldap directoryserver)
• Why I like Solaris
  Neil Wilson (ex-Sun Directory Server engineer) expands on his recent quote in an Infoworld article. A really well-written, considered, detailed piece from an engineer for whom I have the utmost respect.
  (tags: linux solaris opends infoworld)

From Indira, news of three openings in the OpenSSO QA team:

• Entry Level QA Engineer (0-2 years experience)
• Entry Level QA Engineer (0-2 years experience)
• QA Engineer - Automation Architect (6+ years experience)

Don't imagine that 'QA' here means 'click around the UI and see if the system responds according to spec, or at least, doesn't surprise you too much'... Take a look at the job specs behind those links. You'll actually be developing the test system for OpenSSO - working with technologies from Python/Jython to LDAP to Java EE, across seven operating systems and server products from at least as many vendors. Not only that, this is an open source project, so part of your work will be to hang out on the OpenSSO mailing lists and IRC channel, and even blog about it all. Yep - get paid for IRC and blogging.

So - if you are smart and gets things done, click on those links, and if you like what you see, apply, and tell them I sent you (we have a referral program)

!!!STOP PRESS!!! More OpenSSO openings:

• Entry Level Engineer (0-2 years experience)
• Entry Level Engineer (0-2 years experience)
• Entry Level Engineer (0-2 years experience)
• Entry/Intermediate Level Engineer (0-5 years experience)

Plenty of positions there if you'd rather be the one being tortured (product engineering) than the torturer (QA)

• OpenOffice.org 3.0 Final on a Server Near You
  The final release has already been pushed!
  (tags: openoffice.org office)

By now, you're probably familiar with the term 'tab sweep', particularly if you've read either of Tim or Rich's blogs. You end the week with a bunch of tabs open in your browser that you need to blog about, so you do. Here's my first...

• First up, Rajeev's Blog. There's some great stuff there from the past few weeks - my favourites are How to Integrate OpenSSO with Salesforce.com via SAML and the OpenSSO QuickStart prototype. If you have any interest at all in OpenSSO, you need to subscribe to Rajeev (or to Planet OpenSSO, which aggregates Rajeev's Blog with a whole host of others).
• Next is the transcript from last week's OpenSSO 'Ask The Experts' session at the Sun Developer Network. There's some great stuff in there - from the scheduled release date for OpenSSO Enterprise 8.0 (October 31st) to some low level detail on configuring OpenLDAP as a user store for OpenSSO.
• While we're over at Sun Developer Network, Sidharth and Marina have an article on Deploying OpenSSO on GlassFish Application Server - great stuff for folks picking up OpenSSO for the first time, with handy tips for established OpenSSO fans too - some very neat command line alternatives for configuring GlassFish and deploying the OpenSSO WAR file.

There - I feel lighter now I got all that off my chest. Have a good weekend, everyone!

• Return to sender: Artist puts Royal Mail to the test
  Harriet Russell decided to lay down a challenge to her postmen and women with a series of brain-teasers. Wonderful - make sure you click 'more pictures' to see all the puzzles.
  (tags: Funny art mail puzzles)

CPqD provides Operations Support and Business Support systems, training and consulting services to the telecommunications industry. Mário Celso Teixeira, of CPqD's Brazilian facility, describes their OpenSSO deployment in an email today to the users@opensso.dev.java.net mailing list:

I want share with you that CPqD have deployed the OpenSSO as a single sign-on solution for 3000 users and 75 applications in October, 2008.

After 4 months, 75 corporate applications was customizeds to use the single sign-on system where the user´s identity are provided for Windows Active Directory.

Primarily we went to install CAS server as a single sign-on product but, in April 2008, me (Mario Celso Teixeira) and Gustavo Chaves were at FISL 9.0 in RS, Brasil and saw the Pat Patterson presentation and we decided test the solution.

The strategy adopted was to install the Policy Agents in the application servers that are used for our applications (IIS 6.0, Apache, Jboss, Tomcat) and not customize each one using Opensso API, to minimize implementation efforts.

After one week live in production, the users are very satisfied because, before, each user could have 15 different accounts and passwords to access the applications.

Next, we want to implement Federation and Identity Management

Wow. 75 applications in four months, across IIS, Apache, JBoss and Tomcat. That's impressive! Thank you for sharing your OpenSSO success story, Mário

I was looking at MarkMail today, specifically at September 2008's emails to users@opensso.dev.java.net, and it struck me how many were from folks outside Sun. In fact, looking at the Top 20 senders, only 10 are in the 'OpenSSO team' at Sun. Another 4 (shown highlighted in light yellow) are folks from elsewhere in Sun, with 6 of the Top 20 (highlighted in yellow) being participants from outside Sun.

1)	Pat Patterson	27
2)	Rohan Pinto	22
3)	Dennis Seah	21
4)	Aaron Sheffey	19
5)	Shesh Kondi	17
6)	Deepak Pasupunatla	13
7)	David Goldsmith	12
8)	John Domenichini	11
9)	Robert Dale	11
10)	Hua Cui	10
11)	Dilli Dorai	9
12)	Tim Reynolds	9
13)	Damien Covey	8
14)	Amit Snyderman	7
15)	Nikolaos Giannopoulos	7
16)	Sean Brydon	7
17)	Ashok Anumandla	6
18)	Ezra Simeloff	6
19)	Florian Thiel	6
20)	Qingwen Cheng	6

Intrigued, I looked at the Top 20 senders since OpenSSO began, expecting to see far fewer 'external' senders over the long run, but was very pleasantly surprised to see just as many there:

1)	Pat Patterson	288
2)	Dennis Seah	271
3)	Michael Teger	125
4)	Sean Brydon	117
5)	Hua Cui	116
6)	Nikolaos Giannopoulos	103
7)	Dilli Dorai	100
8)	Hedrick, Brooke	86
9)	David Holroyd	76
10)	Milton Lima	72
11)	Nebergall, Christopher	69
12)	Subba Evani	63
13)	David Goldsmith	61
14)	Ping Luo	61
15)	Tim Reynolds	59
16)	Indira Thangasamy	57
17)	Rajeev Angal	53
18)	Shivaram Bhat	53
19)	Robert Dale	49
20)	Qingwen Cheng	46

One consequence of this diversity is that the pool of OpenSSO expertise is growing and we now have questions being asked and answered on the mailing list, by folks 'out there' in the wider community, while we in Santa Clara are all tucked up in bed. You know, I think there's some substance to this 'open source' thing...

• Mac OS X, Perl and SSL
  Perl on MAC does not support SSL out of the box. So you must install SSL support: sudo perl -MCPAN -e "install Crypt::SSLeay"
  (tags: perl mac osx ssl)

Sun Solution Architect Joachim Andres (aided and abetted by Paul Walker and Andy Hall) has just written up an integration [PDF] of OpenSSO with Sun Secure Global Desktop. Secure Global Desktop (SGD for short) provides secure access to centralized Windows, UNIX/Linux, Mainframe and Midrange applications from a wide range of popular client devices, including Microsoft Windows PCs, Solaris OS Workstations, thin clients and more (can you tell I cut'n'pasted that from the product page? ). One of the most interesting client interfaces to SGD is via a Web browser - you can see it in the demo I recorded with Michael Coté of Redmonk - which brings it into OpenSSO's sphere of control.

This integration is a great example of the use of policy agents with existing applications - the policy agent sets the REMOTE_USER server variable and SGD is configured to pick that up rather than use its own login page. With that, and a tweak to SGD's logout logic to send the browser to OpenSSO's logout page, we have a very neat integration. Check it out [PDF].

• OpenSSO Gets SaaSy - Federated Identity Across the Firewall with Google and SalesForce.com
  Michael Coté of Redmonk and Daniel Raskin and Pat Patterson of Sun talk about federated identity, software as a service and OpenSSO
  (tags: opensso identity redmonk saas google salesforce federation)
• Demo - OpenSSO Quick
  Demo of single sign on from Active Directory Federation Services (ADFS) to OpenSSO, then from OpenSSO to Google Apps for Your Domain and SalesForce.com
  (tags: demo adfs opensso google salesforce federation identity redmonk)
• Demo - Getting Started Quick with OpenSSO
  Demo of OpenSSO QuickStart - deploy OpenSSO and an embedded instance of GlassFish v3 using the Java Web Start mechanism
  (tags: opensso quickstart demo glassfish glassfishv3 identity redmonk)

I covered the OpenSSO Enterprise 8.0 launch event yesterday - here is a selection of the more interesting articles and quotes in reaction to the announcement:

• Sun's press release has Chris Harvison, an Enterprise Architect at Scotiabank, looking forward to deploying OpenSSO: "Sun OpenSSO Enterprise brings innovations such as Fedlets and multi-protocol support that will simplify the on-boarding of new federation partners and reduce the costs of doing so. The new tools provide a means to quickly and economically drive SSO across our global organization."
• In Sun goes commercial with OpenSSO, Network World quotes Gerry Gebel of analyst firm The Burton Group: “We are seeing a growing interest in OpenSSO and open source in general. People are looking for different options on software licensing and support. They are not always happy with the price tag on commercial software licenses.”
• Meanwhile, SearchSecurity.com quotes Andras Cser of Forrester Research in its article Sun launches open source OpenSSO for identity management: "If something is open source, you get a whole community feeling, a community buzz around the product. The features are one thing, but at the end of the day, you really want to have a developer community and commercially available implementation talent for software."
• Felix Gaehtgens of European analysts Kuppinger Cole closes his article Sun's new Access Manager is now OpenSSO Enterprise "With some sarcasm, many IT professional note that 'Express' is a synonym for 'limited' and 'Enterprise' is a synonym for 'Expensive'. Sun will have to educate its customers that this is certainly not the case for OpenSSO." Message received and understood, Felix!
• Finally, Redmonk's Michael Coté interviews Daniel and me on OpenSSO's support for single sign-on to software as a service (SSO to SaaS, if you're feeing terse), including demos of single sign-on to Google and SalesForce.com, plus Rajeev's OpenSSO QuickStart prototype.

• Sun's new Access Manager is now OpenSSO Enterprise
  Felix Gaehtgens of Kuppinger Cole gives some in-depth info on OpenSSO Enterprise 8.0 (registration required).
  (tags: federation identity saml opensso accessmanager kuppingercole felixgaehtgens sun)