Feeds

Sun sinks its teeth further into open source

Bites into identity management

3 Big data security analytics techniques

In July 2005, news emerged of Sun Microsystems' first foray into open source identity management with the Open Web Single Sign-On (OpenSSO) project.

Now, more than a year later, the project has been formally launched. Sun has kept to its word with OpenSSO and is releasing source code for the significant chunks of its Java System Access Manager required for web-based single sign-on, including session management, policy and federation as well as administration capabilities.

My thoughts on this announcement are the same as those of a year ago and I have seen nothing on the project site which causes me to change that.

This is a smart move by Sun. First, it continues the "participation age" theme promoted by CEO Jonathan Schwartz. Second, while web single sign-on is valuable both in terms of simplifying the user experience and easing user administration, the real opportunity lies in user provisioning, federated identity management, auditing for compliance etc.

When the project was first announced, Eric Leach, a Sun product manager, was quoted as saying: "The idea is that we're going to give developers the tools they need to build basic security into their internal Web infrastructures without additional cost."

In other words, OpenSSO provides customers with a free platform for Intranet-based single sign-on from which Sun can then build with its suite of identity management products offering higher value identity management capabilities.

Irrespective of Sun's motivations, organisations with any reasonably significant identity management initiative should dedicate at least a small amount of resource to investigate the project. Whether or not that investigation leads to deployment (and perhaps even project contribution!), this small investment should enhance their understanding based on exposure to what is a comprehensive and well-proven product in Access Manager.

But Sun didn't stop there. The company announced the OpenDS directory service project. Following the same logic as with OpenSSO and Access Manager, I assumed that OpenDS is the open sourcing of Sun's Java System Directory Server. My assumption was wrong!

OpenDS sets out to deliver a similar set of capabilities to Directory Server: directory, directory proxy, virtual directory and synchronisation but the project is starting from scratch. It is not exploiting its own Directory Server code base or other open source directory server initiatives, such as OpenLDAP, ApacheDS and Red Hat Fedora Directory Server.

The project FAQ provides some justification for these decisions, which can be boiled down to a combination of scope, licensing, and implementation language.

OpenDS is a very ambitious undertaking, extending as it does beyond the core identity data repository to provide capabilities, such as virtual directory and data synchronisation, required for a comprehensive identity data management layer. It is going to be years, rather than months, before the project is completed, so it comes as no surprise that Sun will continue to develop Directory Server and does not anticipate releasing any products based on OpenDS for at least 18 months - and even then they will be part of the Java Enterprise System.

My thoughts on OpenDS mirror those for OpenSSO. It furthers the company's open source commitments while providing a foundation for its higher value identity management suite, and is something which organisations should at least investigate.

There is an awful lot of open source activity in the world of identity management, what with Higgins, Bandit, Heraldry and OSIS. It will be interesting to see where these projects from Sun fit. The fact that Higgins (elements of which are part of Bandit) is an Eclipse project certainly won't make things easy with Sun dogmatically pursuing its NetBeans alternative.

Copyright © 2006 Macehiter Ward-Dutton

This article was originally published at IT-Analysis.com.

Top three mobile application threats

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
Oh no, Joe: WinPhone users already griping over 8.1 mega-update
Hang on. Which bit of Developer Preview don't you understand?
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
IRS boss on XP migration: 'Classic fix the airplane while you're flying it attempt'
Plus: Condoleezza Rice at Dropbox 'maybe she can find ... weapons of mass destruction'
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Ditch the sync, paddle in the Streem: Upstart offers syncless sharing
Upload, delete and carry on sharing afterwards?
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.