Over the past few months, Aravindan Ranganathan, Lakshman Abburi and Marina Sum have been working on a series of articles covering the new identity services functionality available now in OpenSSO and coming soon in Sun Federated Access Manager 8.0. This week sees the publication of part 3, covering retrieval of user attributes. One notable feature of the series is it's presentation of both SOAP/WSDL and REST patterns for accessing OpenSSO's identity services. Which do you use, and why?

Third in Sun Developer Network tech author Marina Sum's series of interviews with Sun's identity team is Daniel Raskin, senior product line manager for access and federation management at Sun. Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO) specifically designed to simplify federation deployments, including Fedlets, Virtual Federation, the Federation Validator and more.

Read the article for the inside scoop!

In the second article of her 'From the Trenches' series of interviews with folks from Sun's Identity team, Sun Developer Network tech author Marina Sum chats with me about OpenSSO's evolution over the past couple of years. We get into some of the challenges inherent in opening up a commercial software product and my aspirations for OpenSSO's future. I mention in the interview that "I'd like whoever desires access control and federated SSO to immediately think of OpenSSO as the preferred choice." This seems to be coming true already - we've already covered integrations with JBoss Portal and Liferay; yesterday I noticed a new integration with PAL Portal.

Following up on her recent interviews with Sun identity folk, Sun Developer Network tech author Marina Sum kicks off a new series of interviews, this week featuring OpenSSO Project Manager Jamie Nelson, Sun's director of engineering for access and federation management (and my boss - Hi Jamie!) Read the interview for Jamie's take on securing web applications. While we're on the OpenSSO/Access Manager topic, Marina also recently published two new sections of the Access Manager FAQ, this time covering Identity Management (from the Access Manager point of view) and the Service Management SDK. Lots of useful little nuggets in there.

Although the open source directory server action is at OpenDS, Sun's existing Directory Server Enterprise Edition is widely deployed and integrated in products such as Sun Java System Access Manager and it's open source twin, OpenSSO. One of the many reasons for its popularity is its implementation of multi-master replication (MMR), the ability to deploy a cluster of Directory Server instances, each synchronizing data with the rest. Installing and configuring such a fully-connected mesh of Directory Servers is quite a laborious task, so Sun identity architect Jonathan Gershater devised a Perl script to do the legwork, then wrote it up as a Sun Developer Network article with technical author Marina Sum. Discover how Perl scripts automate Directory Server installation and configuration.

As I just mentioned over at Superpatterns, Marina and Robert recently published Developing Secure Applications with Sun Java System Access Manager, Part 2: Advanced Authorization, continuing their case study of implementing fine-grained authorization at a fictional health-care company. A great article, with lots for the identity-focused developer.

As Michael and I already reported, OpenSSO v1 build 2 is now available at the OpenSSO download page. There are some pretty major advances in this build, most notably the centralized server and agent configuration. My blog entry gives more detail, while Michael's has a vintage TV commercial - take your pick

Once you've downloaded the new build, you can go work through the latest tutorial over at the Sun Developer Network Identity Pages. Regular authors Aravindan and Marina are joined by Lakshman Abburi to cover authorization with identity services. Now that the nights are drawing in (if you're in the Northern hemisphere!), what could be better than settling down with a nice cup of hot chocolate and working through a tutorial or two?

While standarda such as SAML and XACML provide flexible, interoperable frameworks for exchanging authentication and authorization data, developers are sometimes left wanting something simpler - "Just give me an easy way to authenticate a user and check if they are authorized to access a resource".

We've been working on this in OpenSSO these past few months, building a simple set of identity services; web services for authentication, authorization, attribute retrieval and logging. With SOAP and REST endpoints, just about any application can manipulate identities in a very simple, robust way. Check out Aravindan and Marina's recent article on authentication with identity services. Subscribe to the Sun Developer Network identity feed to catch further article in this series.

Completing our trilogy of articles on integrating Sun Java System Access Manager with Microsoft web applications, Marina Sum, our resident technical author, and Madan Ranganath, Access Manager policy agent engineer, focus on single sign-on from Access Manager to Outlook Web Access 2003. If you work your way through the first two installments, covering IIS and SharePoint Portal Server 2003, and this final article, you'll know pretty much all there is to know about single sign-on between Access Manager and Microsoft's web applications.

Back in May, at JavaOne 2007, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes. Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles at the Sun Developer Network showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on.

If you've tried to configure single sign-on with Microsoft SharePoint Portal Server 2003, you'll know that can be a bit... non-trivial. The Sun Java System Access Manager policy agent engineering team have been working on extending the existing agent for IIS to allow single sign-on into SharePoint (and Outlook Web Access, but that's another story...). Robertis Tongbram and Marina Sum just wrote this scenario as an article over at Sun Developer Network.

Of course, all Access Manager policy agents also work with OpenSSO, Access Manager's open source alter ego, so when Policy Agent for IIS 6 Hotpatch 8 hits the street it'll work with OpenSSO, too.

Fans of Slashdot and South Park, rejoice! A solution to the infamous three-part business model has finally been discovered. Well, sort of... It won't make you rich, but Sun's SDN Share Program will reward you for sharing your programming knowledge. Anyone can post tech tips, code samples, or full-blown articles. Then anyone else can vote, tag, and comment on those submissions. Bottom line: the best stuff floats to the top, and the best submitters can earn Amazon.com gift certificates. (Okay, it's not cash--but close enough to be called profiting.)

The program started back in April and, as Lou has noted, is seeing some nice usage momentum. It's built with technologies from the GlassFish community, including Slynkr. Give it a look. You might just learn something--or earn something.

Over at the Sun Developer Network, Marina Sum has been on a tear this past week or so, with two articles on OpenSSO and its sister product, Sun Java System Access Manager. Last week, she and I published Single Logout: A Demo, a follow-up to February's article Switch on SAML for PHP With Project Lightbulb, covering Project Lightbulb's evolution into OpenSSO Extensions and its implementation of SAML 2.0 single logout. Much discussion of the mechanics of single logout and its implementation in the OpenSSO SAML 2.0/PHP Extension.

Today, Marina and Robert Skoczylas of Indigo Consulting published Developing Secure Applications with Sun Java System Access Manager, Part 1: Basic Authorization. This article, part 1 of a series, presents a case study of implementing authentication, single sign-on, and authorization at a fictional health-care insurance company. Great stuff, working from a high-level description of the problem right down to specific Access Manager customizations.

Simon is hosting a series of video interviews at the SDN Channel on OpenSource. We taped the interviews some time ago and we are releasing them once a week during March. Last week was the Introduction to the Series; this week's webcast shows interviews with Mark Reinhold on OpenJDK and with me on GlassFish. My 10 minutes of fame start arount minute 9 of the Webcast. It came out reasonably well, considering it was a one-shot interview, unlike my earier interview in Feb 2006.