I’ve been reading James McGovern’s Enterprise Architecture: Thought Leadership for some time now. I have to say, I disagree with James on a lot of things (for example…), but his entry today on ‘bell curve compensation’ is spot on. Just how do you compensate employees fairly where there are some teams of superstars, some ‘normal’ teams and some composed entirely of dim bulbs?
Back in March, Paul Bryan released the first version of the OpenID Extension for OpenSSO, implementing an OpenID Provider for OpenSSO, Sun’s open source single sign-on/access control/federation project. You might also recall that, at the beginning of this month, SSOCircle put this into production, enabling OpenID Provider services on their public identity provider.
Last night, Paul announced the second drop of his OpenID provider on OpenSSO’s developer mailing list. For those of you not subscribed, here is the full text of his announcement:
Hi all:
I have just checked-in the source to the OpenID provider 1.0 alpha2. The following are excerpts from the README file:
Introduction
The OpenID provider provides a complete OpenID Authentication 1.1 protocol compliant identity provider implementation, complete with full support for OpenID Simple Registration Extension 1.0.
Features
This release includes the following enhancements over 1.0 alpha1:
- Standalone web application as deployable WAR file
- OpenID message object model; supports future consumer implementation
- Trust management user interface (non-persistent trust decisions)
- Simple Registration Extension user interface
- On-the-fly l10n and i18n (English, French and German included)
- Full decoupling from authentication infrastructure through getUserPrincipal
- Integration with OpenSSO through servlet filter implementation
- Configurable OpenID identity regular expression pattern
- Configurable authentication provider principal mapping
- No more dependencies on OpenSSO internal classes
Roadmap
This is the second release in a planned series of releases. Version 1.0 alpha3 targets to include the following enhancements:For more information, see: As always, any comments and feedback will be most appreciated.
- Persistent trust decisions (via pluggable persistence SPI)
- Persistent persona management and associated user interface
- Integration with other authentication infrastructures
- Response to errors through published openid.error mechanism
- Further refinement in preparation for OpenID 2.0 ratification
- Full supporting documentation
- Comprehensive logging
Paul C. Bryan
pbryan@dev.java.net
As soon as I get a chance, I need to go grab this and have a play…
I’m in Brussels this week for the Liberty Alliance Plenary Meeting and IOS Brussels, but, back at the ranch in California, the Sun Developer Network folks have released another technical article on Access Manager: Achieving SSO With Sun Java System Access Manager and SAML, a look at how to integrate Access Manager with a third party application – in this case SAP NetWeaver Enterprise Portal 2004s – via SAML.
As you may recall from a previous blog entry, a little while ago, Martin Gee of ICSynergy (one of Sun’s system integrator partners, focussing on identity management, federation and SOA) blogged about some work he’d done integrating OpenSSO with CardSpace. He’s since written this up as an article for Sun Developer Network. It’s a great overview of both CardSpace and the mechanics of extending OpenSSO to support new authentication mechanisms.
It’s good to see folks innovating on OpenSSO, and it’s great to see them documenting their work like this.
Back today after 10 days at Disney World in Florida. 1800 unread emails… Select All, Delete 
Looks like Hu’s been busy – not only has he deployed a sample SAML 2.0 service provider based on the SAML 2.0/PHP OpenSSO Extension (formerly known as Lightbulb), he’s also rolled out Paul’s OpenID code (another OpenSSO Extension). So, now you can go register at SSOCircle and use either SAML 2.0 or OpenID to authenticate to relying parties/service providers, all through the magic of OpenSSO. Cool!
