|
|
|
|
|
OpenSSO Enterprise 8.0 got off to a flying start yesterday with its launch in Second Life (event replay). The IdentiCat himself, OpenSSO senior product line manager Daniel Raskin, and director of engineering for OpenSSO, Jamie Nelson, were on hand to explain how OpenSSO meets three tough challenges of single sign-on - Web access management, federation and secure Web services. Daniel and Jamie showed how OpenSSO Enterprise 8.0, known in its last release as Sun Access Manager, adds many new features, as well as being the first commercial release from the open source OpenSSO project. We've covered many of these features here at The Aquarium as they have appeared in OpenSSO; for instance, OpenDS as OpenSSO's embedded configuration store, the Fedlet and identity services. |
Back in what passes as the real world, the OpenSSO launch was widely covered by press and analysts - I've listed some of the more interesting articles and quotes over at my blog, Superpatterns.
As Daniel explained in the Second Life presentation, there's plenty more in store for OpenSSO - the focus in upcoming releases will be on areas such as carrier-grade monitoring, yet more work on ease of use, and entitlement management. As always, we'll carry the OpenSSO headlines here at The Aquarium, but if you want to immerse yourself in the OpenSSO river of news, subscribe to Planet OpenSSO.
|
Coming up next week is a Sun Developer Network Ask the Experts session on OpenSSO, featuring Rajeev Angal, Aravindan Ranganathan, Dilli Dorai, and Qingwen Cheng. If you have a question on access management, identity federation, secure web services or anything else OpenSSO-related, post it to the Ask the Experts page during the week of September 29. Go on - see if you can stump them |
|
Prompted by Eduardo's post on OpenESB from last week, I checked out the OpenSSO mailing lists on MarkMail - wow! Looking at the last full month, August 2008, we had 4758 messages in total (across the users, dev, code-review etc lists), with 331 on the users mailing list. This last number was down on June and July's numbers (432, 422 respectively) - likely due to summer vacations. If you want to find out what all the fuss is about, and maybe win some cool gear from the CafePress OpenSSO store, hop over to Superpatterns and follow the instructions there to join the OpenSSO community and subscribe to the mailing lists. |
There's been so much happening in the OpenSSO community over the past week or two, I haven't kept up with covering it here at The Aquarium. Here's a quick roundup:
|
Sun Super-SE Shesh Kondi describes how to deploy OpenSSO and its Java EE agents onto Weblogic on Mac OS X. This isn't a supported combination, but it's really handy for demos and development. At Sun Developer Network, the latest in the 'From the Trenches at Sun Identity' series, Sidharth Mishra talks to Marina Sum about Security for Web Services. |
One I picked up on Google Alerts - Qingfeng Zhang has integrated OpenSSO with JA-SIG CAS, allowing users to login to CAS and access resources protected by OpenSSO.
If you haven't already given OpenSSO a whirl, go sign up to the project, download the bits and do it now - you may just win some goodies from the CafePress OpenSSO store.
Finally, a great example of an open source community in action - OpenSSO authentication providers for Spring and Seraph. These are integrations in the 'opposite direction' from the CAS one above, allowing users to login to OpenSSO and access resources protected by Spring Security and Atlassian Seraph (the latter used by Jira and Confluence).
To stay current on OpenSSO, subscribe to Planet OpenSSO (feed).
|
Things have been pretty quiet on the identity front here at The Aquarium over the summer vacation season - time to kick things up a notch with a look at the recent feast of OpenSSO-related articles on the Sun Developer Network's identity pages: In part 4 of the 'Securing Applications With Identity Services' series: 'Single Sign-On and Logout', Prashant, Aravindan and Marina show how OpenSSO's REST-based identity services can be put to use in integrating a sample Java web application with OpenSSO. This approach was used in Prashant's integration of Liferay with OpenSSO, which also works in WebSynergy. 'Integrating Applications With OpenSSO', by Tatsuo, Aravindan and Marina, covers integration with OpenSSO via policy agents, reverse proxies, the client SDK, and identity services. There's a great worked example of integrating Ruby on Rails with OpenSSO, applying OpenSSO's identity services beyond the world of Java. |
The fifth interview 'From the Trenches at Sun Identity' has Marina talking to OpenSSO senior product manager Nick Wooler on Support for OpenSSO, explaining how customers can now buy support for OpenSSO via OpenSSO Express.
Finally, Aravindan Ranganathan talks to Marina about Identity Services for Securing Web Applications. As you can probably tell, identity services is one of the hottest components in OpenSSO right now!
For all the latest OpenSSO articles and more, subscribe to the SDN Identity Feed - there's plenty more in the pipeline!
The OpenSSO Project is soliciting feedback on their Early Access Build -- OpenSSO Express Build 5. With the release of this build, community members now have the opportunity to participate in the Early Access (EA) program for Sun's next commercial offering. Review the Early Access documentation and hammer away at Express Build 5! Send your EA feedback to opensso.eafeedback@dev.java.net so we can make the product perfect. Thanks in advance!
|
More pieces of how Sun leverages OpenSource into Enterprise Offerings: Sun OpenDS 1.0 is now in OpenSSO Express - check out Nick, Rajeev, or... pelegri% jar -tf opensso.war | grep -i opends .... WEB-INF/lib/OpenDS.jar |
Transparent development opens the development milestones to users. Often these milestones are just a path to using the final releases - as in GlassFish Enterprise Support - but for some users the milestones may have the right combination of features/stability/timeliness and they "just want support for it". And today, to address this need for Open SSO users, Sun announced OpenSSO Express.
|
|
Sun OpenSSO Express provides support (in standard, premium and premium plus levels) for the stable milestones in OpenSSO bundled, at no extra cost, with the support of final releases of Sun Access Manager, Identity Management or Java Enterprise System. |
The Express model is applicable to any open source projects, but, so far,
it is only available for OpenSSO.
Details on Sun OpenSSO Express
are available at
here
and it can be downloaded
here
|
|
Over the past few days, the number of participants registered at opensso.dev.java.net passed the 700 mark. It was almost exactly a year ago that we passed 400, so we're currently adding new members at the rate of nearly one a day! |
Just to clarify, you can download the OpenSSO binaries and check out the source code without any kind of sign-up whatsoever. You only need to register to file issues, subscribe to the mailing lists and start submitting patches.
Much more on signing up to OpenSSO, its mailing lists and other avenues for participation at my blog entry on the same topic.
|
Just blogged by Jeff Bounds: Verisign Identity Protection and OpenSSO. Jeff, a Sun SE working out of Atlanta, walks through the process of creating a custom authentication module for Verisign Identity Protection (VIP), allowing holders of VIP credentials to login to OpenSSO. Key quote: "Building an Authentication Module for OpenSSO was easier than I thought". |
If you have an idea for a custom authentication module for OpenSSO, give it a shot - there is plenty of help out there, and we'll be happy to add your module to OpenSSO as an extension.
|
The fourth interview in Sun Developer Network technical author Marina Sum's 'From the Trenches' series, sees her talking to Federated Access Manager architect Rajeev Angal about Virtual Federation, a new approach to allowing legacy applications to interact across enterprise boundaries. Read the interview for an overview of Virtual Federation, dig a little deeper into the technology (Secure Attribute Exchange is the old name for Virtual Federation), then go grab the latest OpenSSO build and try it out! |
|
As I mentioned on my blog yesterday, if you're following OpenSSO at all, you can't have failed to notice the recent chat around the Fedlet, a nifty mechanism for federation-enabling web applications. Briefly, the 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. If you're trying to federation-enable a single web application, you need the Fedlet. |
Here is the buzz:
• Watch the FEDLET Now! REALLY! - Daniel Raskin
• Federation in the diminutive - Eve Maler
• The Fedlet has Arrived - Mark Dixon
• Latest news on the Fedlet - Mark Herring
• OpenSSO の最新ビルドに Fedlet が入ってる - Tatsuo Kudo
• Fedlet comes out with a (Head) Bang - Derrick Harcey
• How to Efficiently Accomplish Identity Federation With Fedlets - Marina Sum
• Finally...The Fedlet has Arrived - Daniel Tse
• The Fedlet - Sun Identity Buzz Episode - Michael Coté
• The Fedlet: Federated SSO Made Easy - Enrico Bianco
|
I'll be presenting OpenSSO and the Fedlet at CommunityOne on Monday May 5 2008 at 4pm in Hall E 135. As you must be aware by now, CommunityOne is free of charge to attend, though you do need to register. See you there! |
|
|
Over the past few months, Aravindan Ranganathan, Lakshman Abburi and Marina Sum have been working on a series of articles covering the new identity services functionality available now in OpenSSO and coming soon in Sun Federated Access Manager 8.0. This week sees the publication of part 3, covering retrieval of user attributes. One notable feature of the series is it's presentation of both SOAP/WSDL and REST patterns for accessing OpenSSO's identity services. Which do you use, and why? |
|
Third in Sun Developer Network tech author Marina Sum's series of interviews with Sun's identity team is Daniel Raskin, senior product line manager for access and federation management at Sun. Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO) specifically designed to simplify federation deployments, including Fedlets, Virtual Federation, the Federation Validator and more. |
Read the article for the inside scoop!
GlassFish and OpenSSO play very similar roles; they are OpenSource, transparent, community-driven efforts to create enterprise products, except OpenSSO has an extra twist...
|
GlassFish is the Community for SJS AppServer 9.x and OpenSSO does the same for Sun Federated Access Manager (FAM). The twist is that FAM is not yet out. FAM is the combination of the Access Manager and the Federation Manager. Once FAM is out, you can say: GF/SJSAS == OpenSSO/FAM. |
So, go ahead and Download, Evaluate and Deploy OpenSSO!
