OpenID at Sun

less than 1 minute read

Already lighting up the blogosphere this morning are posts from Tatsuo, Gerry, Rich and Scott all about Sun’s new OpenID Provider. Briefly, Sun is launching an OpenID Provider (OP) for all of its employees.

Why just employees? Well - there are any number of sites that offer OpenIDs, and anyone can start their own, but we wanted to try something different. With this service, we are exploring the use of OpenIDs in a business context - what could it mean to have an OpenID that says you are an employee of Sun Microsystems (or, for that matter, any company)? We’ll be learning over the next few weeks and months, and, of course, sharing the lessons with the wider community.

On the technical side, we are deploying the OpenSSO Extension for OpenID on OpenSSO. In case the bulbs aren’t lighting yet… this means that anyone can grab those components, do a little tweaking round the edges, and roll this out for themselves. In fact, that’s exactly what SSOCircle has done, but in a non-enterprise context.



Andreas Åkre Solberg

Hi Pat!


"what could it mean to have an OpenID that says you are an employee of Sun Microsystems (or, for that matter, any company)?"

In my opinion it does not matter whether the OpenID provider that says you are an employee of Sun is the OpenID provider at Sun. For a OpenID consumer it is totally irrelevant whether it is the official Sun OpenID Provider or if it is a free random open registration provider somewhere on the net. And this is where OpenID's goal is totally different from SAML thinking, and this is also where OpenID often is misunderstood.

That said, what you are gaining, and what is totally awsome for Sun employees is that you will get SSO between internal services and all those random openid consumers. (off course if the openid provider is the same as your saml idp).

I tried to sketch some of my ideas of what happens, and why, to put up OpenID interfaces to existing SAML IdPs, but I am no good at writing.


Sven Dowideit’s working on re-architecting TWiki’s authentication and session system to enable better support for external user management - for the upcoming TWiki 4.2.0 release in June, we should see OpenID support - at least for login, and registration - and later, TWiki will be able to be an OpenID providor too..

Jobs @ OpenSSO – March 2009 « Superpatterns

[…] Sun is hiring engineers for OpenSSO and related identity products - we have a number of positions spanning engineering, QA and UI design. If you read my blog regularly, you'll know that OpenSSO is hot stuff - open source single sign-on, federation and secure Web services, delivered as Sun OpenSSO Enterprise and used in deployments large and small. […]

Leave a Comment

Your email address will not be published. Required fields are marked *