Superpatterns

Pat Patterson on Identity Management, Federation and Single Malt Scotch

accessmanager adoption authentication bloggers burtongroup catalyst community extensions federation google identity libertyalliance lightbulb links opends openid opensource opensso php saml sdn security sso sun webservices

« Access Manager train... | Main | Announcing Open... »

13 Nov · Mon 2006

Open All The Way Up
[ glassfish java opensolaris opensource opensparc opensso ]

It's just one of those days - the bloggable thoughts are coming thick and fast...

For some time now, Sun has been unusual in providing the entire stack of hardware and software, from the metal right on up to the product on which I work, Sun Java System Access Manager:

Web SSO	Sun Java System Access Manager
Web Container	Sun Java System Application Server
Computing Platform	Java
Operating System	Solaris
Processor Architecture	UltraSPARC

Well, now there is an open analogue to every one of those layers:

Web SSO	OpenSSO
Web Container	GlassFish
Computing Platform	Java (now open sourced!)
Operating System	OpenSolaris
Processor Architecture	OpenSPARC

Open all the way up the stack - now that is cool!

@ 03:38 PM PST Comments [4]

Comments:

Yes, cool. But my understanding is OpenSSO doesn't yet support SAML-based authentication between a web service client and a web service provider, but may by the end of the year. Is this correct?

Posted by Michael on November 15, 2006 at 08:35 AM PST #

Hi Michael,

Correct. Yesterday we announced Open Federation - the long awaited open source federation layer for OpenSSO. Looking at Q2 of the FAQ, it sounds like the functionality you are looking for is WS-I BSP. We'll be adding this in the next few months. It already exists in AM 7.1, so it's a straightforward task to port it across.

Posted by Superpat on November 15, 2006 at 09:27 AM PST #

JBoss is not listed as a supported container... I suppose since Tomcat is a component there of there is no reason for it not two be supported, right? Familiar with DoD’s Service-Oriented Architecture (SOA) Foundation aka NCES, and the past Horizontal Fusion efforts? Would there possibly be any interest in your specific group inside of Sun entering into a Cooperative Research and Technology Enhancement (CREATE) agreement with Joint Forces Command centered around the OpenSSO efforts you describe in the development of SAML-based security for a multi-national SOA? I'm just a scummy DoD contractor. So, I can't speak for the government, but in investigating the landscape I had an expectation for what has come to pass -- the virtual open sourcing of Sun's entire stack was a logical line of progression. My thought was to propose a CREATE with specific enphasis on the further development of SAML-support in OpenSSO to the powers that be as a possible option as we have had talks with Sun in terms of SOA related CREATE related agreements in the most general of terms, just not in the specific areas as OpenSSO as I ws not fully involved at the time. Also, how well can one leverage Access Manager or the follow on OpenSSO from outside of NetBeans, say in Eclipse? Not to be insulting, but as a software engineer myself, I would prefer to allow our team the freedom to float between whatever tool suits their own personal needs. I take it NetBeans is just populating deployment descriptors and what not for the web service and client-- The reason for my comment elsewhere in your blog. Contact me at my provided email address....

Posted by Michael on November 16, 2006 at 09:23 AM PST #

Hi Michael,

Well - there's a difference between what is 'supported' and what works, perhaps with a bit of tweaking. Traditionally, Access Manager has been supported on Sun's App Server and Web Server, plus IBM WebSphere and BEA WebLogic, since those have been the containers for which customers are demanding support.

With OpenSSO, I'm not sure we've ever explicitly listed 'supported' containers. You can pretty much just drop the WAR file into anything - as I've blogged before, Tomcat is pretty widely used, despite it never having been a supported platform for Access Manager.

Bottom line - give JBoss a try and see what happens. Let us know at users@opensso.dev.java.net whether it works or not.

I'll respond by email for the DoD/CREATE stuff. Thanks for taking the time to comment.

Posted by Pat on November 16, 2006 at 10:28 AM PST #