The second OpenSSO roadmap milestone has been reached on schedule.
Briefly, the architecture document and associated source code for the ‘Session’ module are now available at https://opensso.dev.java.net/. For more details, see the announcement.
Some ‘exclusive’ information:
- The project sources contain about 565 source files out of which 550 are the core system and the rest are for demo purposes.
- All this compiles in under a minute 🙂 and can be compiled on any platform.
- The demo works on all platforms and does not require any LDAP. It uses the flat file database and is fairly easy to get up and running quickly.
Congratulations to Arvind and the rest of the OpenSSO team!
I recently coauthored a technical article on Liberty ID-WSF, JSR 196 and Sun Java Studio Enterprise entitled Building Identity-Enabled Web Services. The article just went live at developers.sun.com – here is a slightly adapted version of the intro:
Last October, the article Federated Identity: Single Sign-On Among Enterprises introduced identity federation as it relates to single sign-on (SSO) and demonstrated how Security Assertion Markup Language (SAML) and the Liberty Identity Federation Framework (ID-FF) offer standard mechanisms for cross-domain SSO. That article also briefly described the Liberty Alliance Project’s Identity Web Service Framework (ID-WSF) and its capabilities for identity-enabling Web services.
At a technical session at JavaOne 2005 in San Francisco, we delved into ID-WSF and the new developments in the Java Community Process and in Sun’s products that enable you to efficiently build identity-enabled Web services. This article recaps the content of that session. Specifically, you’ll learn the following:
- How Liberty ID-WSF identity-enables Web services
- How components that are based on the J2EE platform, such as JSR 196, insulate you from the mechanics of ID-WSF
- How Sun Java Studio Enterprise will automate the creation of identity-enabled Web services
I’m here for the week in Singapore, meeting with other Liberty Alliance members. Last night was the member reception – dancing girls and a snake charmer. This is the closest I’ve been to a snake this size!
My car has been in the shop for weeks now – don’t ask. I can work from home most of the time, but about one day a week, I get a rental from the Hertz neighbourhood office round the corner. Hertz seem to like me. I’ve been renting cars from them for years, and I can’t remember the last time I got what I paid for. Let me explain…
I always book a compact (“Ford Focus or similar”). With my AAA discount, it comes out at $33 a day, tax included. In the past few weeks I’ve had a Mustang (very disappointing), a Mazda 6 (impressive), a Hyundai Sonata (ordinary), a PT Cruiser (very ordinary) and this week, a Toyota Celica GT.
Wow – what a fun car. It’s only 1.8L, 150bhp, but it weighs next to nothing. Pin-sharp steering, and it loves to rev. Just bags of fun to drive. I can only imagine what the GT-S must be like, with 30 extra bhp and a 6 speed stick shift (GT is auto).
Thank you Mr Hertz!
My previous job at Sun (until January 2005) was as technical product manager for Access Manager. The main reason I moved back to engineering to take a technical architect role was so that my business card didn’t read like a tongue-twister. Anyway – I still dabble on the technical marketing side, helping out when things get busy over there, like last month’s technical sales training boondoggle event in Las Vegas – two days of lectures and labs bringing together Sun’s identity management marketing team and the Sun system engineers (=sales engineers) affiliated with identity management.
My contribution (no – I didn’t get to go to Vegas!) was a new front end for the Federation Manager Liberty Identity Federation Framework (ID-FF) single sign-on (SSO) sample. This sample, shipped with Federation Manager, shows how to get Liberty ID-FF SSO working between an Identity Provider and a Service Provider. Out-of-the-box, this sample comprised a set of functional, yet plain, JSPs. I re-used some old demo layouts to give the sample a bit of pizazz so the SEs could take something away as the basis for a demo. I was going to just put up a few screenshots here to walk you, the reader, through a simple SSO scenario, but then I realised that it would actually be less work to use Qarbon’s Viewletbuilder to whip up a flash presentation. So – here it is – just click on the screen below and discover the magic of federated single sign-on…
Thanks to Phil Windley for pointing to InfoWorld’s Identity Management Challenge. It’s a thorough comparison of products from six vendors – Courion, IBM, Microsoft, Novell, Sun and Thor. I’ll point out that Sun’s Identity Manager is the only product that can answer an unqualified ‘yes’ in each column of the product comparison matrix:
Here’s the final word from the article:
Sun Identity Manager seemed the most mature overall, with strong integration and management capabilities, but still lacks the reporting and front-end polish we were expecting. IBM and Courion have similar work to do on the manageability front. Indeed, Courion needs to keep working on making the flexibility of its solution more accessible. Novell has paid much attention to its front-end tools, producing the easiest solution to configure and manage by far, but it still needs work on the back end to match the depth of Courion or Thor. Finally, Thor was strong from stem to stern, although their implementation process required a good share of custom coding as well.
I’m sure the Identity Manager engineering team are working on the front end with the Mr Sheen as I type this.
Robin Wilton astutely points out that Apache’s TSIK incubator project’s roadmap is somewhat off the mark in its description of Infocard in relation to the Liberty Alliance Project specifications (and others):
Some of the initial ideas of TSIK is to implement WS-* standards as they are developed, in particular the ones related to implementation of a federated ID protocol such as Microsoft’s InfoCard. (There are other federated ID protocols, for example, Liberty Alliance, Sxip networks, Identity Commons, LID NetMesh, Passel.org, but only InfoCard seems to be based on open web services standards.)
This does indeed seem to be a case of “The World Turned Upside Down”. What I find most strange is that there is no mention in this list of the granddaddy of them all – SAML – now in its 2.0 version and as openly standardised as an open standard can be, at OASIS.