A LinkedIn Story

Regular readers will be aware of my thoughts on LinkedIn, the networking website. It’s a great resource for getting, and staying, in touch with colleagues. The way it works is, you build a list of your contacts, either by finding them on LinkedIn or inviting them to join. Now, your ‘network’ is your contacts, plus their contacts, plus their contacts’ contacts etc. up to 4 degrees. You get to search your network to find, for instance, people in a given field looking for a job, or looking to fill a vacancy, or whatever.
Anyway – my good friend Ken O’Berry recently left Sun for a job at Motricity, a provider of mobile content solutions and services based in Durham, NC. Ken was product line manager for Sun Java System Access Manager, and my boss for nearly a year. If you’re on LinkedIn already, you can read my endorsement of Ken here; if you’re not on LinkedIn, suffice to say, I learnt most of what I know about product management from Ken – a great loss to Sun, but the move made sense for him.
What I didn’t know until today was that the recruiter had found Ken through LinkedIn. The recruiter was several degrees removed, and the final link to Ken was via someone at another vendor who Ken had worked with several months ago. But it worked. The recruiter was looking for someone with product management expertise in the RTP area, and Ken was looking for a gig closer to home.
So – if you’re in the tech industry, get yourself on LinkedIn. Even if you’re not looking for a job right now, you’ll be glad you built up a network when you do start looking.

Badass Bunny

Tom, my 3-year-old little boy, made an Easter Bunny puppet. The teacher asked him why he looks so cross – Tom said “He’s sad because he can’t find any Easter eggs”. I think he looks like a very hot cross bunny. 🙂

Sun Java System Access Manager Federation-Enables Windows Logon

Nice to see Ping Identity catching up with functionality that Access Manager has provided for a whole year now. Access Manager 6.2 (released in 2004Q2) introduced Windows Logon authentication via SPNEGO tokens over HTTP – the protocol is described by Microsoft here. Access Manager federation-enables all of its authentication modes, from username/password against LDAP through Windows Logon to smartcards and other hardware tokens.
We don’t stop there, either. From the current version (6.3, aka 2005Q1), Access Manager generalises the mechanism to any other platform that can provide a Kerberos ticket via a compliant browser (for example, Mozilla/Firefox), so you can authenticate to the Solaris or Linux desktop and access protected resources wherever they may be.
Beat that, Ping.

Sun Java System Directory Server Enterprise Edition – Net Talk

Remember I was blogging about the great people you get to work with here at Sun? Well, one of the best is Don Bowen, Product Line Manager for Directory Server. I first met Don in Munich at the Burton Catalyst Conference in 2002 – gosh, was it really only 2½ years ago? Don knows everybody in the industry – he was working in identity management before it was even called identity management. If you’re on LinkedIn, his profile is here. If you’re not on LinkedIn, and you work in tech, sign up, RIGHT NOW! It’s the single most efficient mode of networking I know, and a great way to get back in touch with people you used to work with.
Anyway – back to the point. Don has recorded a ‘Take 10’ – a < 10 minute presentation on Directory Server Enterprise Edition (‘DSEE’), explaining why we now talk about the directory service rather than a directory server and the huge functionality included as standard in DSEE. There is also a white paper explaining in more detail just what we mean by a ‘directory service’.
Go take a look, and feel free to leave a comment here with feedback – I’ll make sure it gets to Don.

Is anyone using DSML?

Directory Services Markup Language (DSML) “bridges the world of directory services with the world of XML” (quote from OASIS DSML page). Effectively, it’s an XML encoding of LDAP. Sun implemented it in Directory Server 5.2 way back in June 2003, in common with other directory server vendors (Novell, Microsoft).
The question is, is anybody using it? I’ve never heard of a DSML client in production, and, in my unofficial popularity poll, Google shows only 115,000 hits for DSML, compared to over 7 million for LDAP.
So – has anybody implemented DSML from the client side? And if not, why not?

It’s Official – SAML 2.0 is now an OASIS Standard

Announced today on the OASIS tc-announce list. A consolidated zip file with all specifications and schema is publicly available. See the OASIS SAML site for individual PDFs, XSDs, etc.
Briefly, SAML 2.0 unifies the previous disparate federated identity building blocks of SAML 1.1 with input from both higher education’s Shibboleth initiative and the Liberty Alliance’s Identity Federation Framework. There is an executive overview of SAML 2.0 that summarizes what’s new.