Authorization with OpenSSO’s Identity Services

One new area of work in OpenSSO is Identity Services, allowing a developer to easily write code to authenticate users, check if those users are authorized to access resources, retrieve those users’ attributes etc. While all of this functionality has long been available in different forms, the new Identity Services work collects common identity tasks into an easy-to-use set of web services accessible via SOAP and REST. Now developers working in just about any language can join the identity party

Last month, Aravindan and Marina published a Sun Developer Network article showing how to use OpenSSO’s identity services for authentication. This month, Lakshman Abburi joins them to cover authorization with identity services. The identity services client from part 1 is extended to check whether the authenticated user should be allowed access to a given resource, in this example, a URL. Although the article focuses on Java and NetBeans, as I mention above, you can invoke identity services from just about anywhere. Go read the articles, have a play, and leave a comment here or there if you do something really cool.

OpenSSO and Liferay

Via James McGovern comes the news that Liferay Portal now supports OpenSSO. Prashant Dighe blogged the recipe for integrating OpenSSO with Liferay, and Brian Chan picked it up and rolled it into Liferay itself:

We just integrated the code snippets into Liferay so users can easily integrate with OpenSSO by just going to the Enterprise Admin portlet and entering the right settings. No more code or properties changes.

This sort of thing is just great to see – new OpenSSO integrations bubbling up from the community. Keep ’em coming!

I’m the Leader, I’m the Leader…

…I’m the Leader of the Gang (I Am)!!! I know – Gary Glitter has fallen long and hard, but it’s still a great song and appropriate for today – Gartner has placed Sun Java System Access Manager in the leader quadrant of their Magic Quadrant for Web Access Management, 2H07 [PDF]. I happen to think that they have under-rated us somewhat on our completeness of vision, but I can’t argue with the rating on ability to execute.

One thing worth mentioning is that one of the ‘cons’ listed for Sun – “Sun does not support ADFS/WS-Federation in its federation tools” – will be addressed in the next release – Federated Access Manager 8.0 – and is already in OpenSSO. So, if your existing infrastructure leans to the MS side, but you need world-class web access management, federation, identity web services and more, scoot on over to OpenSSO and take a look.

Slides from Liberty Tokyo and TriLUG

I’ve been back from Tokyo for a couple of weeks now and just realized that I haven’t posted slides from my presentation on OpenSSO, so here they are [PDF]. Many thanks to the Liberty Alliance Japan SIG for organizing this day – about 220 attendees heard the latest Liberty Alliance news, many of them stopping by my booth afterwards to see OpenSSO in action. Special shouts to Takashi and Tatsuo for making me so welcome in Tokyo, as always. Via Tatsuo, here are some pics from our excursion on the last night there – I’m the balding caucasian guy in the blue t-shirt

Moving on… the preso at TriLUG last night – ‘Digital Identity from LDAP to SAML and Beyond’ – went well – about 60 or so very technical attendees. When I asked how many people in the audience did NOT understand sequence diagrams, only a couple of hands went up, and I breathed a sigh of relief as I explained the basics.

A BIG thankyou to Andy Oliver and the rest of TriLUG for the invitation to speak – it’s a pleasure to talk to a well-informed, interested audience who are there by choice, not because it’s their job . As promised, here are the slides [PDF]. There should be some video at some point too; I’ll update this blog entry when it appears.

UPDATEogg and mp3 audio available. Listen to my voice gradually die due to the cold I’m suffering.

UPDATE 2 – thanks to Rich for the photo, and for providing accommodation at Pixelfodder Towers for the whole Patterson clan

UPDATE 3 – thanks to Takayuki for the photos from the Liberty Tokyo event. Here’s a nice one of Tatsuo and me.

So – where next? IIW2007b in Mountain View, December 3-5, then Javapolis, in Antwerp, December 10-14. That’ll be about it for 2007. Hopefully.

Adding My Voice to the 13949712720901ForOSX Chorus

If you are working with Java on OS X, then you are probably aware of 13949712720901ForOSX, a call for Apple to support Java 6 on Mac OS X Leopard.

My personal take on this (stressing the personal – despite my highly exalted position at Sun I have no insider knowledge) is that Java 6 was in Leopard at some point in time (witness the Java 6 developer preview download at ADC – long gone now). Apple put resources into iPhone at the expense of Leopard. I reckon that Java 6 was cut to bring in Leopard’s ship date, and Java 5 hastily put in its place, hence the Java 5 issues we are seeing.

All of this would be of little import, were Apple not dealing with a developer community that has become addicted to openness. Apple’s ruthless, consumer-oriented, information management just doesn’t work with this crowd. And, devoid of any official position from Apple, the community assumes the worst. It’s only a matter of time before the first blog entry appears alleging that Java 6 was dropped from Leopard because Steve Jobs spends too much time eating babies (oops – there it is! ).

I guess the first we’ll hear from Apple is when the download appears in Software Update. It can’t happen too soon…

Victory in the Sun-IBM Dopplr Challenge!

A couple of weeks ago, I posted on the challenge that James Governor of Redmonk (aka ‘Monkchips‘) set – “who is coolest from a Dopplr perspective- IBM or Sun?”. The idea was to see who could add the most Dopplr members over the next week – Sun or IBM. IBM, of course, have 10x the headcount that Sun have, but surely, surely, Sun are at least 10x cooler, from a Dopplr, or any other perspective…?

Well, the numbers are out, and the answer is… Sun! Of course! It was a close run thing, but we pulled it off. Now to celebrate by going and adding another trip to my Dopplr profileIIW 2007b in Mountain View, CA, December 3-5 2007.

Access Manager FAQs and Identity Services at Sun Developer Network

It’s been a busy couple of weeks, what with a trip to Tokyo, a typhoon on the day I flew out, an earthquake at home and the usual backlog of 1000 emails that follows any trip away from the office, so please excuse the recent dearth of blog entries!

On returning, I was pleased to see Sun Developer Network‘s identity pages have continued their expansion. The latest additions are:

Kudos to Marina and Aravindan for their tireless work on the Sun Developer Network identity pages – if you’re working with Sun Java System Access Manager and related products, you should definitely subscribe to the feed .