Sun/Microsoft Press Conference

1 minute read

Well - it’s done. I’ve been involved in the web single sign-on interoperability work with Microsoft since the beginning of the year - four and a half months of painstaking specification work, designing a demo, going on vacation while the real engineers built the demo (BIG kudos to Emily for the protocol work and Lauren for the web pages on our side, Ryan on the MS side - the demo worked flawlessly and looked great!) then a final flurry of work on the demo script and rehearsals for the big day.
Watch the webcast - I’m presenting the demo with Don Schmidt of Microsoft. There’s a press release (if that’s your sort of thing) and a factsheet. The actual specs are online at Sun and Microsoft. I’m not going to repeat any of that here. I will say that it is somewhat nerve-wracking giving a live presentation just 6 feet from Steve Ballmer and Scott McNealy! AND - there is no truth in the rumour that I am Steve Ballmer’s ‘good twin’…
I’ve read blogs and comments that represent this as Sun moving from open to proprietary standards. This is emphatically not the case. The big news, as I see it, is that customers now have a way to implement SSO with the upcoming Active Directory Federation Services that would otherwise not exist. These specifications are published and will be submitted to a standards process, so other identity management vendors can implement them or not as they see fit.

Updated:

Comments

I've read blogs and comments that represent this as Sun moving from open to proprietary standards. This is emphatically not the case.

Yeah, right, and that's why Sun engineers sneak off to Microsoft for a year without involving anybody else. That's why your fact sheet lists only Sun and Microsoft products as "products that support specifications".

which will subsequently be submitted to a standards organization for finalization and ratification as industry standards.

Just like with Java, eh?

Superpat

Well, loath as I am to rise to the troll’s bait, I feel I must respond to ‘202.157.176.102’s point about ‘sneaking off’.

  • Our Customers: Holy crap - Microsoft's going to release a federation product, and it won't support Liberty ID-FF or SAML 2.0. Will you support WS-Federation?
  • Us: A third federation spec? That duplicates the other two?
  • Our Customers: OK - we see your point, but we'll have to make this stuff work together somehow.
  • Us: Hmm - well, we just made peace with MS - let's see what we can do. Hey, MS - are you ready to join Liberty yet?
  • MS: We have no plans to join Liberty.
  • Us: SAML 2.0?
  • MS: Nope. We're committed to WS-Federation and the WS-* stack.
  • Us: OK. How about a way to make our stuff work together, at least.
  • MS: Let's talk about it.

So we did. And the sensitivity of the Sun/MS relationship (and the nature of MS) meant that those talks had to be in secret. The bottom line is that we did this for our customers. They don’t want to be hurting, trying to tie this stuff together themselves. We did what it took to get the job done. And if other vendors don’t like that, well, I won’t lose any sleep over it.

The bottom line is that we did this for our customers. [...] We did what it took to get the job done. And if other vendors don't like that, well, I won't lose any sleep over it.

Thanks for at least admitting it. I’m sorry that you don’t seem to understand why that kind of attitude angers people if it comes from a company that still pretends to be a leader in open systems and open standards.

Jaime Cardoso

I’m sorry Pat, I know this is your weblog but, please alow me to answer this last comment.
I can’t understand why “this kind of attitude angers people”. Are those people anger because RedHat now owns Netscape Directory Server? Last time I checked, Nscp Dir. Server didn’t follow the Ldap standard in dealing with Multi Master Replication.
Should RedHat leave Nscp customers out in a support limbo or should they continue to sell and improve the product while they try to integrate it in they’re business model (making it OSS, I presume)?

Superpat

Let’s be realistic here. We come to a settlement with MS. Our customers give us requirements that they expect to see fulfilled, now that we are no longer at war. Do we:

  • A - Work with Microsoft, in private if necessary, to define a mechanism for interoperability, publishing it as soon as its done and submitting it to a standards body at the earliest opportunity.
  • B - Reverse engineer some quasi-solution, needing more engineers, more time and resulting in something that kind of works, most of the time, until the next service pack from MS.

If you chose B, well, I hope I don’t hold stock in the company you work for.
Finally, to answer the earlier comment that the

fact sheet lists only Sun and Microsoft products as "products that support specifications".

Read the fact sheet carefully. It lists Sun and MS products that will support the specs. Neither Sun nor MS ship any product today that supports the new specs. They are published now, and open for other vendors to implement. It’s entirely possible that one or more other vendors might beat both Sun and MS to market.

Our customers give us requirements that they expect to see fulfilled, now that we are no longer at war

Yes, you are no longer at war, your customers need something, you got your $2bn, screw the rest of the industry. Just listen to yourself and face the facts: Sun is no open systems leader anymore, it's a company 1/5th the size of Dell that is primarily concerned with its own short-term survival. Sun's claims to the contrary are merely an unnecessary distraction for people who still believe in open systems. The sooner you drop those claims, the sooner everybody can move on.

If you chose B, well, I hope I don't hold stock in the company you work for.

What an embarrassing statement for Sun: you think the only two options are two collaborate with Microsoft or reverse engineer them. In any case, I work for a small consulting firm; we aren't even publicly traded. Maybe you should be more concerned about the stock of the company you work for.

So what are the licensing implications of these protocols since they were clearly developed to suit? Sun/MSFT products (and not the broader market)? Is it RANDZ, RAND, RF or something else?

Superpat

Quoting from the PDFs (located here and here):

Microsoft and Sun (collectively, the “Co-Developers”) each agree to grant you a license, under royalty-free and otherwise reasonable, non-discriminatory terms and conditions, to their respective essential patent claims that are necessary to implement the Specification.

Which makes it RANDZ, I guess.

No that would be RAND and NOT RANDZ (which is zero fee). What are the RAND conditions to get the license? Do other vendors have to ‘register’ with Sun/MSFT for the RAND license and thereby disclose their own protocol support plans (which is deemed private and confidential by them). The specs you announced are proprietary and not a ratified open standard.

Superpat

Doesn’t the ‘royalty-free’ bit add the ‘Z’?
You are correct in that these are currently proprietary standards, but both Sun and Microsoft have publicly committed to submit them to an appropriate standards body.
I will find out about any requirements for other vendors to register for the RAND license and post another comment.

Mark Wahl

Hello Pat,

Thanks for sending out the pointers to these. I note the Web Single Sign-On Metadata Exchange Protocol document states:

"The authors hope to solicit your contributions and suggestions in the near future."

At present, the authors do not appear to have a means to receive solicited comments, as I haven't been able to find a discussion board, mailing list, developer's area etc. mentioned either in this document, or in the SDN or MSDN developer pages linking to the document.

(The other specification, in contrast, does provide contact info for at least a subset of its authors.)

I found what might be a minor mistake (missing word?) in this document, and was wondering if there was going to be an errata page for this specification, to track reviewer and implementation issues?

Thanks in advance,

Mark Wahl
Informed Control Inc.

Superpat

Do other vendors have to 'register' with Sun/MSFT for the RAND license and thereby disclose their own protocol support plans (which is deemed private and confidential by them).

You would not require a license in advance of actually bringing your product to market. So, you can go start work on implementing your product, beaver away for several weeks/months/years, and only come to Sun/Microsoft to get your (RANDZ - so we can’t turn you down or charge money) license when you’re about to ship - say - when you do a marketing launch, and it’s going public anyway.

Leave a Comment

Your email address will not be published. Required fields are marked *

Markdown is supported.

You May Also Enjoy