OpenSSO Community Passes 700 Members

Over the past few days, the number of participants registered at passed the 700 mark. It was almost exactly a year ago that we passed 400, so we’re currently adding new members at the rate of nearly one a day!

Just to clarify, you can download the OpenSSO binaries and check out the source code without any kind of sign-up whatsoever. You only need to register to file issues, subscribe to the mailing lists and start submitting patches.

It’s not always obvious how the account and OpenSSO membership are related, so here’s a quick 3-step guide to getting onto the OpenSSO mailing lists:

1. Register for a account.
2. Request ‘Observer’ role on OpenSSO.
3. Subscribe to ‘’ and/or ‘’.

Both of these mailing lists are moderated – subscribers’ emails go straight to the list, but emails from non-subscribers go into a moderation queue. If you are posting to the OpenSSO lists and wondering why your email hasn’t appeared yet, ensure you are using the email account you registered in step 1!

There are many other ways to participate in the OpenSSO community – here’s a round-up:

OpenSSO Wiki – read and write about OpenSSO
OpenSSO IRC Channel – chat about OpenSSO
OpenSSO CafePress Store – wear OpenSSO
OpenSSO @ Ohloh – delve into OpenSSO’s stats
OpenSSO Facebook Group – decorate your profile
OpenSSO LinkedIn Group – network with other OpenSSO’ers
OpenSSO Plaxo Group – network with even more OpenSSO’ers
OpenSSO Xing Group – network with (mostly) European OpenSSO’ers

OWASP Bay Area Meeting – June 25th 2008

Prompted by James, I signed up a little while ago to the OWASP Bay Area chapter, keen to learn more about application security, both in hardening OpenSSO and Access Manager and in how those projects/products can contribute to securing applications. Well, whaddya know, the next meeting is a half day Application Security Summit at the Microsoft facility in Mountain View next Wednesday, when I’ll be out of town. Keen as I am to attend OWASP, I think the Jazoon folks would be a little upset if I didn’t show up for my session on OpenSSO, so I’ll have to be content with encouraging folks in the Bay Area to attend – all the details are here and, apparently, space is limited, so if you’re interested, sign up now!

From the Trenches – Virtual Federation: a Pioneering Way for Exchanging Authentication

The Sun Developer Network‘s Marina Sum spent some time recently talking to my fellow Federated Access Manager architect Rajeev Angal about Virtual Federation, a new feature forthcoming in Sun Federated Access Manager 8.0 (but available now, of course, in OpenSSO). Virtual Federation promises to simplify federation by allowing legacy applications to interact across enterprise boundaries via a SAML ‘tunnel’.

Read the interview for an overview of Virtual Federation; this article has the gory details under the old name ‘Secure Attribute Exchange’.