OpenSSO: "It’s alive! Alive, I tell you!"

1 minute read

Where does that line come from? I just tried googling using the Google search engine to search for it, and all I get is usage, no citation…

Anyway - the point of this post is that we have ‘thrown the switch’ on OpenSSO - we are turning on write access to the source tree. Here is the text of the official announcement:

Welcome to the official launch of the OpenSSO project and community site. OpenSSO is an open source access management software distribution that provides the means to build authentication, authorization, and session management for Java and web applications and web services. OpenSSO is the result of a close collaboration between a community of developers and Sun engineers working to promote the evaluation, use, and innovation of identity and access management technology. And, since Sun will be basing the Sun Java System Access Manager product on OpenSSO, eventually everything that is committed to the OpenSSO source will end up running in real, production deployments.

So what happened today? In simple terms, we are finally turning on full read and write access to the source code. What does that mean for you, the developer?

Through the OpenSSO project site, we invite you to participate in the development process by reviewing source code, providing input on features, submitting bug fixes, requesting new functionality, and spearheading other improvements. You can check out source. You can download and deploy the J2EE web application archive. You can break it, fix it, write about it, and talk about it. Or, simply join in the technical discussions.

We thank you for participating.

Right now we are assembling the initial list of committers - mostly the Sun engineers that built Access Manager and OpenSSO, but also likely some external folks with a history of working Access Manager at a low level.

If you’d like to get more deeply involved with OpenSSO, perhaps even to the extent of submitting code and then even becoming a committer, check out the governance.




Hi Masood - I've really not spent enough time looking at OpenID (it's on my todo list to do some more). One nugget for you - the OpenID folks were at IOS Vancouver, where there was good discussion on the differing design points of OpenID vs SAML, and a commitment (in this session) from both sides to try to meet in the middle.

j domenichini

“It’s alive! Alive, I tell you!” Your not the only one remembering it that way. Seems you’ve verified usage that way already. - I was certain it was some iteration of Frankenstein’s monster. Who am I?


Hi Neal - (1) No - I don’t know of such a beast, but it might be possible to create one using the web agent code as a basis. (2) I’m not sure they should. If CAS is working for you, then great, leave it alone. If you want integration with Java EE declarative and programmatic security, a bundle of agents for common containers, federation via SAML and Liberty ID-FF (coming soon) and even web services security via WS-I BSP and Liberty ID-WSF (again, coming soon), then you may well want to consider OpenSSO. (I’m not an expert on CAS, but, as far I can see, it doesn’t supply any of these).

Leave a Comment

Your email address will not be published. Required fields are marked *