I’ve been reading James McGovern’s Enterprise Architecture: Thought Leadership for some time now. I have to say, I disagree with James on a lot of things (for example…), but his entry today on ‘bell curve compensation’ is spot on. Just how do you compensate employees fairly where there are some teams of superstars, some ‘normal’ teams and some composed entirely of dim bulbs?
Back in March, Paul Bryan released the first version of the OpenID Extension for OpenSSO, implementing an OpenID Provider for OpenSSO, Sun’s open source single sign-on/access control/federation project. You might also recall that, at the beginning of this month, SSOCircle put this into production, enabling OpenID Provider services on their public identity provider.
Last night, Paul announced the second drop of his OpenID provider on OpenSSO’s developer mailing list. For those of you not subscribed, here is the full text of his announcement:
I have just checked-in the source to the OpenID provider 1.0 alpha2. The following are excerpts from the README file:
Introduction
The OpenID provider provides a complete OpenID Authentication 1.1 protocol compliant identity provider implementation, complete with full support for OpenID Simple Registration Extension 1.0.
Features
This release includes the following enhancements over 1.0 alpha1:
- Standalone web application as deployable WAR file
- OpenID message object model; supports future consumer implementation
- Trust management user interface (non-persistent trust decisions)
- Simple Registration Extension user interface
- On-the-fly l10n and i18n (English, French and German included)
- Full decoupling from authentication infrastructure through getUserPrincipal
- Integration with OpenSSO through servlet filter implementation
- Configurable OpenID identity regular expression pattern
- Configurable authentication provider principal mapping
- No more dependencies on OpenSSO internal classes
Roadmap
This is the second release in a planned series of releases. Version 1.0 alpha3 targets to include the following enhancements:
- Persistent trust decisions (via pluggable persistence SPI)
- Persistent persona management and associated user interface
- Integration with other authentication infrastructures
- Response to errors through published openid.error mechanism
- Further refinement in preparation for OpenID 2.0 ratification
- Full supporting documentation
- Comprehensive logging
For more information, see:
Paul C. Bryan
As soon as I get a chance, I need to go grab this and have a play…
More great stuff from Andreas Solberg on getting Open Federation/OpenSSO working on Caucho Resin
You may use this tool to decode, modify and encode an HTTP-REDIRECT SAML Request. If the request is signed, this will of course not work. The value must be urlencoded; this tool will urldecode for you. Just copy the parameter from the URL of your browser.
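The decode and encode steps the tool description refers to, as an added Python example (not Andreas Solberg's tool or its code). It assumes the standard SAML 2.0 HTTP-Redirect encoding (raw DEFLATE, then base64, then URL-encoding); the URLs and the AuthnRequest are constructed sample values.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

def encode_redirect(xml: str) -> str:
    """Raw DEFLATE (no zlib header) then base64; URL-encoding is applied later."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")

def decode_redirect(value: str, max_len: int = 65536) -> str:
    """Reverse of encode_redirect; value must already be URL-decoded."""
    raw = base64.b64decode(value, validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, max_len)   # cap output to resist deflate bombs
    if not inflater.eof:
        raise ValueError("message is truncated or exceeds the size limit")
    return xml.decode("utf-8")

def inspect_redirect_url(url: str) -> dict:
    """Extract SAMLRequest from a redirect URL and report whether it is signed."""
    params = parse_qs(urlsplit(url).query)    # parse_qs URL-decodes each value
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter")
    return {
        "xml": decode_redirect(params["SAMLRequest"][0]),
        "relay_state": params.get("RelayState", [None])[0],
        # In this binding the signature is computed over the query string,
        # so re-encoding an edited request invalidates an existing signature.
        "signed": "SigAlg" in params and "Signature" in params,
    }

# Constructed sample request and URL (hypothetical hosts).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example1" Version="2.0" IssueInstant="2007-04-25T12:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.org/acs"/>'
)
SAMPLE_URL = "https://idp.example.org/sso?" + urlencode(
    {"SAMLRequest": encode_redirect(SAMPLE_XML), "RelayState": "/home"}
)

if __name__ == "__main__":
    print(inspect_redirect_url(SAMPLE_URL))
```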
Docs guy Michael Teger enumerates four deployment examples, including an end-to-end deployment of SAML 2.0 using Sun Java System Access Manager and Federation Manager
Andreas Solberg provides step-by-step instructions for deploying Open Federation for SAML 2.0. Updated April 25th 2007.
I’m in Brussels this week for the Liberty Alliance Plenary Meeting and IOS Brussels, but, back at the ranch in California, the Sun Developer Network folks have released another technical article on Access Manager: Achieving SSO With Sun Java System Access Manager and SAML, a look at how to integrate Access Manager with a third party application – in this case SAP NetWeaver Enterprise Portal 2004s – via SAML.
As you may recall from a previous blog entry, a little while ago, Martin Gee of ICSynergy (one of Sun’s system integrator partners, focussing on identity management, federation and SOA) blogged about some work he’d done integrating OpenSSO with CardSpace. He’s since written this up as an article for Sun Developer Network. It’s a great overview of both CardSpace and the mechanics of extending OpenSSO to support new authentication mechanisms.
It’s good to see folks innovating on OpenSSO, and it’s great to see them documenting their work like this.
OpenSSO docs guy Michael Teger nicely enumerates the shipping and upcoming versions of Sun’s access management products
Sun Access Manager policy agent doc writer John Domenichini’s take on Burton Group’s coverage of the Web access management market.
In a world of too many options and too little time, our obvious choice is to ignore the ordinary stuff. Marketing guru Seth Godin spells out why, when it comes to getting our attention, bad or bizarre ideas are more successful than boring ones.
Back today after 10 days at Disney World in Florida. 1800 unread emails… Select All, Delete
Dennis shows how to get bash autocomplete working with the OpenSSO command line interface
Looks like Hu’s been busy – not only has he deployed a sample SAML 2.0 service provider based on the SAML 2.0/PHP OpenSSO Extension (formerly known as Lightbulb), he’s also rolled out Paul’s OpenID code (another OpenSSO Extension). So, now you can go register at SSOCircle and use either SAML 2.0 or OpenID to authenticate to relying parties/service providers, all through the magic of OpenSSO. Cool!