Recently Asked Questions on OpenSSO

OpenSSO is really taking off now – the number of participants continues to grow daily, we’ve had some really interesting discussions on the IRC channel, and folks around the world are writing their own how-to guides.

A couple of related questions have arisen recently: “How, exactly, are OpenSSO, Access Manager and Federation Manager related?” and “Can I get support on OpenSSO?”. These questions are almost answered in the OpenSSO FAQ – I’ll provide full answers here and push them into the FAQ for future reference.

Q1: How, exactly, are OpenSSO, Access Manager and Federation Manager related?

OpenSSO is based on the Access Manager 7.0 codebase. There are some changes – for example, Access Manager contains some third party source code which we cannot redistribute – but we have worked to minimize these. The next versions of Federation Manager and Access Manager will be built from the OpenSSO source – just like Sun Java System Application Server is built from the Glassfish source. When we are happy that OpenSSO contains the features we want to release in the next AM/FM product release, we will branch the code and stabilise the release branch – all in public. New feature development can continue on the trunk, and fixes in the release branch will be copied to the trunk.

Q2: Can I get support on OpenSSO?

The short answer is “No.” Sun will support Access Manager and Federation Manager, which will, as noted above, be built from the OpenSSO source. However, we never say never. If there is sufficient demand, we will consider other support offerings.

The best place for follow-up discussion on these topics is the OpenSSO users mailing list (click here, login and scroll down to the to subscribe), but feel free to leave comments here also.

Q3: Is opensso exactly same as Sun AM 7.1 from end user perspective? Can I use all Sun AM 7.1 beta docs for OpenSSO? If there are differences, what are they? (Added 12/8/2006)

Right now (Dec 8 2006), there are some deltas between AM 7.1 and OpenSSO. Due to schedules and logistics, work on AM 7.1 and OpenSSO proceeded in parallel. We are porting all AM 7.1 features and fixes to OpenSSO right now. For the most part, you can use AM 7.1 beta docs, but there are some differences:

  • Policy Agent 2.2 for Web Services. To be added to OpenSSO.
  • Java Management Extensions (JMX) support. To be added to OpenSSO.
  • There is no federation console in the Open Federation build of OpenSSO, although all federation features are present and configurable from the command line. We are migrating the entire console from JATO (Sun’s previous, proprietary web application framework) to JavaServer Faces (JSF) – the federation console will be the first to move over.
  • Numerous minor bug fixes and RFEs. To be added to OpenSSO.

New Access Manager articles on BigAdmin

Normal blogging service was disrupted somewhat by last week’s DIDW and IOS. Among many snippets in my ‘to blog’ pile, here are links to a couple of recent ‘hands-on’ articles from Sun’s BigAdmin site:

If this sort of stuff lights your fire, then you probably want to subscribe to the monthly BigAdmin newsletter.

Sun Java System Identity Manager 7.0 Launched

You might have already seen the news that Identity Manager 7.0 was announced last week at Digital ID World. As Mark, Bob and others have already given you the scoop on this, I’ll confine myself here to covering the deltas from the last version (Identity Manager 6 2005Q4):

  • Integrated audit capabilities (previously provided via Identity Auditor).
  • High-throughput extranet provisioning capabilities (previously provided via Identity Manager Service Provider Edition).
  • Policy-based ‘Periodic Access Review’ (PAR) – ‘who has access to what’.
  • Business Process Editor (BPE) rewritten as a NetBeans plugin.
  • A whole slew of tweaks, fixes and enhancements.
  • New Advanced Deployment training course – UPDATE – this course is not specific to Identity Manager 7.0 – it covers advanced topics relevant to IDM 5.5 and above.

So – if you’ve been looking for the industry leading identity provisioning, and auditing, solution look no further.

OpenSSO – the Brazilians are here!

Wow – I just received an email from Rodrigo Urubatan on the mailing list:

I have just wrote an step by step start up for OpenSSO in Portuguese. The link is here Do not know if I`ll use it yet, but I have loved this piece of software 😀

I’m blown away – we already have a truly global OpenSSO community. I guess this is what James Gosling refers to as ‘the Brazilian effect‘. (Actually, Google tells me that Jonathan coined that phrase in this blog posting, but you get the jist.)

Sun Developer Network Channel – Identity Management Month

Sun Developer Network‘s SDN Channel this month focuses on Identity Management. There’s a cool video featuring my esteemed colleague – Identity Guru Aravindan Ranganathan. Aravindan looks at some of the latest web services security features in Sun Java System Access Manager 7.1, bringing a new twist to that old staple web service sample – the stock ticker – by allowing only authenticated users to obtain real-time quotes. If you want to try this at home, the beta of Access Manager 7.1 is available now in the Java EE SDK download.

There’s a whole load more useful information (and a link to a short article I wrote on open source identity at Sun) in the SDN Show Notes.

OpenSSO T-Shirts and Meet Up Next Week at DIDW

We’ll be having an OpenSSO meet up next week at the Digital ID World Conference at the Santa Clara Marriott. We’ll meet at the Sun booth (#300, located at the front of the exhibit hall) at 6pm on Monday September 11th. Anyone registered on the OpenSSO project is welcome. After t-shirt distribution (see below) we’ll adjourn to the nearest bar.

We’ll also be giving away t-shirts (photo to follow – they’re arriving today) to OpenSSO participants (hint – sign up here!) throughout DIDW. Just come to the Sun booth, log in to the OpenSSO site to demonstrate your bona fides and claim your shirt.

See you next week!