Superpatterns

Tonnes and tonnes (just back from the very metric New Zealand) of OpenSSO news from the last few weeks, but this just in - OpenSSO training maestro David Goldsmith has just released a FREE (as in beer) training course: WSPL-AM-3508-D: OpenSSO Deployment. As David mentions on the OpenSSO Training Page, all you need to do is grab a My Sun account (if you haven't already got one) and get stuck in.

I've been in to take a look around, and it's classy stuff - a 138 page student workbook plus a downloadable VM with Solaris 10, all the tarballs you'll need and even Solaris Zones and ZFS all set up to let you skip sections, roll back from mistakes, try alternate scenarios - whatever you like. If you've been itching to move beyond the basic "Deploy WAR file, configure identity provider, create Fedlet, deploy Fedlet, marvel at its magnificence" recipe and into the strange and exciting world of multiple OpenSSO instances, load balancers, failover and more, let David be your guide...

I fly off today on my summer vacation, but I wanted to blog one last entry to point you to Planet OpenSSO (feed) for all the OpenSSO news over the next few weeks. We have some exciting announcements coming up - stay tuned!!!

As Arun just blogged, SOA World magazine has just announced the finalists for its 2008 Readers' Choice Awards. Sun Access Manager/OpenSSO is nominated for the 'Best Security Solution' category. In fact, a whole bunch of Sun products and projects were nominated across several categories - Arun has a list.

As Arun also mentions, it seems like SOA World haven't sorted out the voting process yet - the site still invites you to nominate products, even though nominations closed June 22, so you can't go vote for OpenSSO just yet. Watch this space for an update when voting starts.

Interesting post from James on the possibilities of Windows desktop systems being SAML identity providers (IdPs). Currently, a similar mechanism exists for desktop single sign-on from Windows (via SPNEGO, using Kerberos tokens, which, by the way, OpenSSO and Access Manager support directly, no IIS 'bounce' required), but this is limited to a single enterprise's AD infrastructure and can be pretty tricky to deploy. It's easy to imagine IE submitting SAML assertions to service providers at Internet scale in the way James describes. Microsoft seem to be reconsidering the case for supporting SAML 2.0, so they may even be receptive to something like this.

Where James does get things twisted (to use one of his favorite expressions ) is in imagining that Sun and Oracle have much influence on our friends in Redmond. Microsoft's paying customers have MUCH more clout than their competitors/partners. I'd suggest, James, that you band together with your peers at enterprises such as GM and Boeing, who I know, from their participation in Concordia, have very similar desires. Heck, you could even roll up your sleeves and dive right in to Concordia - it's free, very enterprisey and Microsoft participate with open ears...

Via Tatsuo Kudo - Gartner recently published their latest vendor rating for Sun. The overall picture is, well, sunny, if you'll pardon the pun, but I'm particularly pleased with their ratings in the areas of Identity and Access Management and Open Source - 'Strong Positive'^* for both, which means that OpenSSO and OpenDS must be doubly blessed

* Strong Positive: Is viewed as a provider of strategic products, services or solutions:

• Customers: Continue with planned investments.
• Potential customers: Consider this vendor a strong choice for strategic investments.

I just uploaded my slides and photos from last week's RMLL conference in Mont-de-Marsan. This was a great event - amazing to see the strength of the open source community in France!

• Marc Liyanage - Software - AppleScript
  Handy little utilities, including OpenTerminalHere
  (tags: marcliyanage openterminalhere mac freeware apple osx software tools applescript terminal finder)

It's been a while since Build 4 of OpenSSO, as we work towards an early access (EA) build of Sun Federated Access Manager 8.0, OpenSSO's commercial 'twin'. Our plan designates OpenSSO build 5 as the FAM 8.0 EA, but we still have some minor issues to iron out before we're ready for EA, hence the release of OpenSSO 1.0 Build 4.5.

Here are some of the new features in Build 4.5, compared to Build 4:

• The Fedlet - quick and easy Federation for SP's, where you'd rather (slightly) modify your web app than deploy more infrastructure - much more on the Fedlet in the Sun blogosphere.
• Federation Validator - test harness for checking single sign-on between a SAML 2.0 Identity Provider and Service Provider.
• SiteMinder Integration - support for co-existence of OpenSSO and SiteMinder.

Many more enhancements are listed at the bottom of the Build 4.5 release notes. Watch the OpenSSO blogosphere for more details on these new features.

The more I work on OpenSSO, the more I realize the nuances of open source development. The fact that we released this 'interim' stable build between builds 4 and 5 is one example of this - the demand for build 4.5 has come from the OpenSSO community, which is now MUCH larger than the FAM team within Sun.

A few days ago, the good people at JavaPolis (which now seems to be called Javoxx) posted the video for my OpenSSO session from JavaPolis 07 at Parleys.com. Go take a look and see how it compares with the SAML 2.0 session they posted back in February.

The slides for my OpenSSO presentation at Jazoon 08 (last week) are now online - just click on the link from the session page at the Jazoon 08 site. If you attended my session, you can give it a rating (out of 5 stars) at that page. You can also see my photos from Jazoon 08 in a Flickr set.

UPDATE (July 8 2008) - pictures from Ludo.

• The Website Is Down
  Sales Guy vs. Web Dude
  (tags: funny exchange web geek)

Over the past few days, the number of participants registered at opensso.dev.java.net passed the 700 mark. It was almost exactly a year ago that we passed 400, so we're currently adding new members at the rate of nearly one a day!

Just to clarify, you can download the OpenSSO binaries and check out the source code without any kind of sign-up whatsoever. You only need to register to file issues, subscribe to the mailing lists and start submitting patches.

It's not always obvious how the java.net account and OpenSSO membership are related, so here's a quick 3-step guide to getting onto the OpenSSO mailing lists:

1. Register for a java.net account.
2. Request 'Observer' role on OpenSSO.
3. Subscribe to 'users@opensso.dev.java.net' and/or 'dev@opensso.dev.java.net'.

Both of these mailing lists are moderated - subscribers' emails go straight to the list, but emails from non-subscribers go into a moderation queue. If you are posting to the OpenSSO lists and wondering why your email hasn't appeared yet, ensure you are using the email account you registered in step 1!

There are many other ways to participate in the OpenSSO community - here's a round-up:

• OpenSSO Wiki - read and write about OpenSSO
• OpenSSO IRC Channel - chat about OpenSSO
• OpenSSO CafePress Store - wear OpenSSO
• OpenSSO @ Ohloh - delve into OpenSSO's stats
• OpenSSO Facebook Group - decorate your profile
• OpenSSO LinkedIn Group - network with other OpenSSO'ers
• OpenSSO Plaxo Group - network with even more OpenSSO'ers
• OpenSSO Xing Group - network with (mostly) European OpenSSO'ers

Prompted by James, I signed up a little while ago to the OWASP Bay Area chapter, keen to learn more about application security, both in hardening OpenSSO and Access Manager and in how those projects/products can contribute to securing applications. Well, whaddya know, the next meeting is a half day Application Security Summit at the Microsoft facility in Mountain View next Wednesday, when I'll be out of town. Keen as I am to attend OWASP, I think the Jazoon folks would be a little upset if I didn't show up for my session on OpenSSO, so I'll have to be content with encouraging folks in the Bay Area to attend - all the details are here and, apparently, space is limited, so if you're interested, sign up now!

The Sun Developer Network's Marina Sum spent some time recently talking to my fellow Federated Access Manager architect Rajeev Angal about Virtual Federation, a new feature forthcoming in Sun Federated Access Manager 8.0 (but available now, of course, in OpenSSO). Virtual Federation promises to simplify federation by allowing legacy applications to interact across enterprise boundaries via a SAML 'tunnel'.

Read the interview for an overview of Virtual Federation; this article has the gory details under the old name 'Secure Attribute Exchange'.

del.icio.us' link posting function seems to be on the blink right now; here are my last few, lovingly hand-pasted...

• Is Sun Microsystems Re-Inventing Itself?
  Ryan de Laplante gives a great overview of Sun's open source product lines, from OpenSolaris to OpenSSO
  (tags: glassfishv2 netbeans opends opensolaris opensso ryandelaplante sun ultrasparct2)
• Time to overcome Java misconceptions
  Google engineers Jeremy Manson and Paul Tyma challenge commonly-held assumptions on Java performance
  (tags: google java jvm performance)
• The new standard for meetings and conferences
  This is why I often just leave my laptop at home when I go to the office - I'm there for the interaction, not to type alone in my office.
  (tags: blog businesssethgodin travel web work productivity conference)
• TED | Talks | Jill Bolte Taylor: My stroke of insight (video)
  Neuroanatomist Jill Bolte Taylor had an opportunity few brain scientists would wish for: One morning, she realized she was having a massive stroke. She watched as her brain functions shut down one by one: motion, speech, memory, self-awareness. Well worth the 18 minutes.
  (tags: brain jillboltetaylor stroke ted)