Feeds

Sun sinks its teeth further into open source

Bites into identity management

Reducing security risks from open source software

In July 2005, news emerged of Sun Microsystems' first foray into open source identity management with the Open Web Single Sign-On (OpenSSO) project.

Now, more than a year later, the project has been formally launched. Sun has kept to its word with OpenSSO and is releasing source code for the significant chunks of its Java System Access Manager required for web-based single sign-on, including session management, policy and federation as well as administration capabilities.

My thoughts on this announcement are the same as those of a year ago and I have seen nothing on the project site which causes me to change that.

This is a smart move by Sun. First, it continues the "participation age" theme promoted by CEO Jonathan Schwartz. Second, while web single sign-on is valuable both in terms of simplifying the user experience and easing user administration, the real opportunity lies in user provisioning, federated identity management, auditing for compliance etc.

When the project was first announced, Eric Leach, a Sun product manager, was quoted as saying: "The idea is that we're going to give developers the tools they need to build basic security into their internal Web infrastructures without additional cost."

In other words, OpenSSO provides customers with a free platform for Intranet-based single sign-on from which Sun can then build with its suite of identity management products offering higher value identity management capabilities.

Irrespective of Sun's motivations, organisations with any reasonably significant identity management initiative should dedicate at least a small amount of resource to investigate the project. Whether or not that investigation leads to deployment (and perhaps even project contribution!), this small investment should enhance their understanding based on exposure to what is a comprehensive and well-proven product in Access Manager.

But Sun didn't stop there. The company announced the OpenDS directory service project. Following the same logic as with OpenSSO and Access Manager, I assumed that OpenDS is the open sourcing of Sun's Java System Directory Server. My assumption was wrong!

OpenDS sets out to deliver a similar set of capabilities to Directory Server: directory, directory proxy, virtual directory and synchronisation but the project is starting from scratch. It is not exploiting its own Directory Server code base or other open source directory server initiatives, such as OpenLDAP, ApacheDS and Red Hat Fedora Directory Server.

The project FAQ provides some justification for these decisions, which can be boiled down to a combination of scope, licensing, and implementation language.

OpenDS is a very ambitious undertaking, extending as it does beyond the core identity data repository to provide capabilities, such as virtual directory and data synchronisation, required for a comprehensive identity data management layer. It is going to be years, rather than months, before the project is completed, so it comes as no surprise that Sun will continue to develop Directory Server and does not anticipate releasing any products based on OpenDS for at least 18 months - and even then they will be part of the Java Enterprise System.

My thoughts on OpenDS mirror those for OpenSSO. It furthers the company's open source commitments while providing a foundation for its higher value identity management suite, and is something which organisations should at least investigate.

There is an awful lot of open source activity in the world of identity management, what with Higgins, Bandit, Heraldry and OSIS. It will be interesting to see where these projects from Sun fit. The fact that Higgins (elements of which are part of Bandit) is an Eclipse project certainly won't make things easy with Sun dogmatically pursuing its NetBeans alternative.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com.

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.