Feeds

Sun sinks its teeth further into open source

Bites into identity management

Security and trust: The backbone of doing business over the internet

In July 2005, news emerged of Sun Microsystems' first foray into open source identity management with the Open Web Single Sign-On (OpenSSO) project.

Now, more than a year later, the project has been formally launched. Sun has kept to its word with OpenSSO and is releasing source code for the significant chunks of its Java System Access Manager required for web-based single sign-on, including session management, policy and federation as well as administration capabilities.

My thoughts on this announcement are the same as those of a year ago and I have seen nothing on the project site which causes me to change that.

This is a smart move by Sun. First, it continues the "participation age" theme promoted by CEO Jonathan Schwartz. Second, while web single sign-on is valuable both in terms of simplifying the user experience and easing user administration, the real opportunity lies in user provisioning, federated identity management, auditing for compliance etc.

When the project was first announced, Eric Leach, a Sun product manager, was quoted as saying: "The idea is that we're going to give developers the tools they need to build basic security into their internal Web infrastructures without additional cost."

In other words, OpenSSO provides customers with a free platform for Intranet-based single sign-on from which Sun can then build with its suite of identity management products offering higher value identity management capabilities.

Irrespective of Sun's motivations, organisations with any reasonably significant identity management initiative should dedicate at least a small amount of resource to investigate the project. Whether or not that investigation leads to deployment (and perhaps even project contribution!), this small investment should enhance their understanding based on exposure to what is a comprehensive and well-proven product in Access Manager.

But Sun didn't stop there. The company announced the OpenDS directory service project. Following the same logic as with OpenSSO and Access Manager, I assumed that OpenDS is the open sourcing of Sun's Java System Directory Server. My assumption was wrong!

OpenDS sets out to deliver a similar set of capabilities to Directory Server: directory, directory proxy, virtual directory and synchronisation but the project is starting from scratch. It is not exploiting its own Directory Server code base or other open source directory server initiatives, such as OpenLDAP, ApacheDS and Red Hat Fedora Directory Server.

The project FAQ provides some justification for these decisions, which can be boiled down to a combination of scope, licensing, and implementation language.

OpenDS is a very ambitious undertaking, extending as it does beyond the core identity data repository to provide capabilities, such as virtual directory and data synchronisation, required for a comprehensive identity data management layer. It is going to be years, rather than months, before the project is completed, so it comes as no surprise that Sun will continue to develop Directory Server and does not anticipate releasing any products based on OpenDS for at least 18 months - and even then they will be part of the Java Enterprise System.

My thoughts on OpenDS mirror those for OpenSSO. It furthers the company's open source commitments while providing a foundation for its higher value identity management suite, and is something which organisations should at least investigate.

There is an awful lot of open source activity in the world of identity management, what with Higgins, Bandit, Heraldry and OSIS. It will be interesting to see where these projects from Sun fit. The fact that Higgins (elements of which are part of Bandit) is an Eclipse project certainly won't make things easy with Sun dogmatically pursuing its NetBeans alternative.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com.

Providing a secure and efficient Helpdesk

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
'People have forgotten just how late the first iPhone arrived ...'
Plus: 'Google's IDEALISM is an injudicious justification for inappropriate biz practices'
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.