Superpatterns Pat Patterson on the Cloud, Identity and Single Malt Scotch

7May/075

OpenID at Sun

Already lighting up the blogosphere this morning are posts from Tatsuo, Gerry, Rich and Scott all about Sun's new OpenID Provider. Briefly, Sun is launching an OpenID Provider (OP) for all of its employees.

Why just employees? Well - there are any number of sites that offer OpenIDs, and anyone can start their own, but we wanted to try something different. With this service, we are exploring the use of OpenIDs in a business context - what could it mean to have an OpenID that says you are an employee of Sun Microsystems (or, for that matter, any company)? We'll be learning over the next few weeks and months, and, of course, sharing the lessons with the wider community.

On the technical side, we are deploying the OpenSSO Extension for OpenID on OpenSSO. In case the bulbs aren't lighting yet... this means that anyone can grab those components, do a little tweaking round the edges, and roll this out for themselves. In fact, that's exactly what SSOCircle has done, but in a non-enterprise context.

Filed under: OpenSSO Leave a comment
Comments (5) Trackbacks (0)
  1. Correcting Johannes’ post – this was a cross-department effort with contributions from (amongst others) the CTO office (in particular Gerry, Eve, Lauren and Hubert), SunIT and the OpenSSO team. I was on vacation and schmoozing with Liberty in Belgium for most of the past month, so I really can’t accept any credit.

  2. Ah, that’s where I left my keys – on the scanner !

  3. Hi Pat!

    Regarding:

    “what could it mean to have an OpenID that says you are an employee of Sun Microsystems (or, for that matter, any company)?”

    In my opinion it does not matter whether the OpenID provider that says you are an employee of Sun is the OpenID provider at Sun. For a OpenID consumer it is totally irrelevant whether it is the official Sun OpenID Provider or if it is a free random open registration provider somewhere on the net. And this is where OpenID’s goal is totally different from SAML thinking, and this is also where OpenID often is misunderstood.

    That said, what you are gaining, and what is totally awsome for Sun employees is that you will get SSO between internal services and all those random openid consumers. (off course if the openid provider is the same as your saml idp).

    I tried to sketch some of my ideas of what happens, and why, to put up OpenID interfaces to existing SAML IdPs, but I am no good at writing.

  4. Sven Dowideit’s working on re-architecting TWiki’s authentication and session system to enable better support for external user management – for the upcoming TWiki 4.2.0 release in June, we should see OpenID support – at least for login, and registration – and later, TWiki will be able to be an OpenID providor too..


Leave a comment

No trackbacks yet.