Feeds

Sun sinks its teeth further into open source

Bites into identity management

SANS - Survey on application security programs

In July 2005, news emerged of Sun Microsystems' first foray into open source identity management with the Open Web Single Sign-On (OpenSSO) project.

Now, more than a year later, the project has been formally launched. Sun has kept to its word with OpenSSO and is releasing source code for the significant chunks of its Java System Access Manager required for web-based single sign-on, including session management, policy and federation as well as administration capabilities.

My thoughts on this announcement are the same as those of a year ago and I have seen nothing on the project site which causes me to change that.

This is a smart move by Sun. First, it continues the "participation age" theme promoted by CEO Jonathan Schwartz. Second, while web single sign-on is valuable both in terms of simplifying the user experience and easing user administration, the real opportunity lies in user provisioning, federated identity management, auditing for compliance etc.

When the project was first announced, Eric Leach, a Sun product manager, was quoted as saying: "The idea is that we're going to give developers the tools they need to build basic security into their internal Web infrastructures without additional cost."

In other words, OpenSSO provides customers with a free platform for Intranet-based single sign-on from which Sun can then build with its suite of identity management products offering higher value identity management capabilities.

Irrespective of Sun's motivations, organisations with any reasonably significant identity management initiative should dedicate at least a small amount of resource to investigate the project. Whether or not that investigation leads to deployment (and perhaps even project contribution!), this small investment should enhance their understanding based on exposure to what is a comprehensive and well-proven product in Access Manager.

But Sun didn't stop there. The company announced the OpenDS directory service project. Following the same logic as with OpenSSO and Access Manager, I assumed that OpenDS is the open sourcing of Sun's Java System Directory Server. My assumption was wrong!

OpenDS sets out to deliver a similar set of capabilities to Directory Server: directory, directory proxy, virtual directory and synchronisation but the project is starting from scratch. It is not exploiting its own Directory Server code base or other open source directory server initiatives, such as OpenLDAP, ApacheDS and Red Hat Fedora Directory Server.

The project FAQ provides some justification for these decisions, which can be boiled down to a combination of scope, licensing, and implementation language.

OpenDS is a very ambitious undertaking, extending as it does beyond the core identity data repository to provide capabilities, such as virtual directory and data synchronisation, required for a comprehensive identity data management layer. It is going to be years, rather than months, before the project is completed, so it comes as no surprise that Sun will continue to develop Directory Server and does not anticipate releasing any products based on OpenDS for at least 18 months - and even then they will be part of the Java Enterprise System.

My thoughts on OpenDS mirror those for OpenSSO. It furthers the company's open source commitments while providing a foundation for its higher value identity management suite, and is something which organisations should at least investigate.

There is an awful lot of open source activity in the world of identity management, what with Higgins, Bandit, Heraldry and OSIS. It will be interesting to see where these projects from Sun fit. The fact that Higgins (elements of which are part of Bandit) is an Eclipse project certainly won't make things easy with Sun dogmatically pursuing its NetBeans alternative.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com.

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.