Month: December 2008

I mentioned part 1 of ‘Protecting Applications With Jave EE Policy Agents’ at the beginning of this month; this week sees part 2, with Hua Cui joining Sean and Marina to give more detail on how to deploy OpenSSO’s Java EE Policy Agents for single sign-on within a single DNS domain, configuring several sample Java EE Web applications and having OpenSSO provide single sign-on between them.

And, with that, I’m taking a break until 2009. It’s been an amazing year for OpenSSO – we shipped our first Express release in July, and our first fully supported commercial release, OpenSSO Enterprise 8.0, in November. We’ve seen integrations with systems from ActivIdentity 4TRESS to YubiKey (YubiKey was the closest I could get to ‘Z’ 🙂 ) and deployments from ACA/Telenet to Yota. Dang it! Isn’t there anything OpenSSO-related that begins with ‘Z’?

Meanwhile, on the community side, the number of registered project members has risen from about 550 at the start of 2008 to over 900 today, while the monthly traffic on the OpenSSO Users mailing list has gone up from around 200 messages a month to nearly a thousand. Even the IRC channel is buzzing now, with contributors from Minsk to Shanghai talking OpenSSO around the clock. If you haven’t yet dipped your toes in the OpenSSO water, perhaps now’s the time to get started?

From Japan, news that Nomura Research Institute (NRI), a consulting and IT solution services company spun off from Nomura Securities, are offering support and services for OpenSSO [Japanese press release] [Google translation to English], including OpenID for cross-enterprise authentication.

As well as being a big endorsement for OpenSSO, this event marks its graduation as an open source project – it’s definitely no longer ‘just a Sun thing’.

Welcome, NRI! We look forward to your contributions to OpenSSO!

It’s been a while since the last tab sweep – lots of news since then, such as the OpenSSO Enterprise 8.0 release, that’s kept me busy both here on the blog and ‘in real life’ (if there is such a thing any more!). Anyway, here are some of the titbits I’ve been saving for a tab sweep blog post:

• I posted another OpenSSO adoption story to the Stories blog this morning: ACA IT-Solutions deploys OpenSSO at Telenet for fine-grained access control. You might remember I blogged about Telenet a little while ago, well, when we started covering OpenSSO on the Stories blog, Serge Craeghs of ACA IT-Solutions kindly completed the questionnaire for the Telenet deployment, with all sorts of juicy details – read all about it.
• Another nifty feature of MarkMail – project-based homepages. Just go to http://opensso.markmail.org/ and you can search and browse just the OpenSSO mailing lists. Very cool!
• Bert van Beeck writes about using SAML 1.x or SAML 2.0 to authenticate SharePoint users, with OpenSSO acting as a bridge between the Belgian Federal Authentication Service – FAS (a SAML 1.1 identity provider) and Microsoft SharePoint (which can speak WS-Federation, but not plain SAML 1.1).
• On The Open Road, David Goldsmith explains how to work around issues in GlassFish V3 Prelude’s cookie handling to allow OpenSSO to work correctly, with a nod to Dennis’ diagnosis of the problem.
• Although the Fedlet has been available for Java EE platforms for some time now, it’s always been our intention to support .Net also, so it’s great to see Rajeev Angal putting together a .Net Fedlet prototype. Give it a try and let Rajeev know how it goes.
• Rajeev strikes again, alongside Marina Sum, with a Sun Developer Network article on Federated Single Sign-On for Salesforce in OpenSSO. It’s amazing how easy these integrations are now that SAML has become so widespread. There might just be something to these ‘standards’ we keep hearing about 🙂
• Over at Core Security Patterns, Ramesh Nagappan tantalizes us with a glimpse of a solution composed of Match-to-SmartCard PKI and Biometric authentication – starring OpenSSO in “multi-factor authentication based Web SSO that uses on-card credentials (PIN + PKI + Biometrics) using PIV card.” More details, please, Ramesh!
• Finally, John Willis‘ CloudDroplets #20 podcast covers the ‘OpenSSO in the Clouds‘ presentation I gave this week at the AWSome Atlanta Meetup. Thanks again for the invitation to speak, John, I had a blast!

Well – that wraps things up for this week. Don’t forget to vote for OpenSSO in the SOA World Readers’ Choice Awards!!!

SOAWorld have extended the closing date for votes in their Readers’ Choice Awards until the end of the year – Dec 31st. And IBM DataPower has pulled ahead of Sun Access Manager/OpenSSO, by 540 votes to 345.

So… We NEED your vote… If you haven’t voted already, go now and vote for OpenSSO in the Best Security Solution category. You could also vote for GlassFish in Best App Server and NetBeans in Best IDE, but I’m calling for votes for OpenSSO!!!

PLEASE – go vote now. And tell your friends. Vote, vote, vote!!!

I just presented OpenSSO in the Clouds [PDF] at the December meeting of AWSome Atlanta, a technology meetup to discuss Amazon EC2, S3 and other cloud technology. John Willis, Michael Coté‘s co-conspirator on the Redmonk IT Management Podcast, invited me to speak here after Daniel and I did a video interview with Coté a couple of months ago. A nice bunch of folks here in Atlanta, pretty technical but very focused on the practical aspects of deployment. I promised I’d post my slides, so here they are.

This is also the point at which I’ll switch off the OpenSSO Amazon EC2 instance I created in preparation for tonight’s event. As I mentioned in my presentation – watch this space for further developments around OpenSSO and the cloud!