Friday Feb 29, 2008

Identity Management, FAM 8, Policy Agent 3.0, and Glory

In the following blog entry, Policy Agent 2.2 With Access Manager 7.1, I compared Policy Agent 2.2 to marathon runner Derek Clayton because they both exemplify high endurance. Well, I have another similar comparison to make. This comparison has to do with Sun's Identity Management suite and Sun's attitude toward identity management in general.

First, let me give you a little Sun identity management background:

Sun Java Identity Manager continues to be the absolute power house in user provisioning:

Moreover, Gartner has also just placed Sun in the Magic Quadrant for the web access management (WAM) market: Magic Quadrant for Web Access Management

That puts Sun in the leader's pack. However, with Federated Access Manager 8.0 coming out, including Policy Agent 3.0, Sun's is getting ready to break from the pack.

Okay, so given that background, if Sun's identity management suite were a runner, it would be this runner:

Paula Radcliffe, New York Marathon 2007

I'm talking about the leader in this photo. She's Paula Radcliffe, the British long distance runner. Her personal best in the marathon is the world record of 2 hours 15 minutes and 25 seconds. There are very few men in the U.S. today that could run that fast. The second fastest time by a women is more than three minutes slower than that.

Some years back, amongst the most elite, Paula was a middle of the pack runner. Her running form has even been criticized. She kind of bobbles her head when she runs. But she persevered. She analyzed everything about her diet and training and tried new things. Icing down her legs after a training run, weight training, physical therapy, shoes, clothing, you name it. She even looked at the bobble of her head before deciding not to tweak that particular aspect of her running form. Her improvement was slow and steady and she kept tweaking things here and there until she became best of the best. Still, she's had disappointments. She doesn't win every single race she enters. She was struggling during the 2004 Olympics and dropped out at around the 23 mile mark. Recently, she had a baby and tried to come back real quick but found that she had to take her time. She seems to be back in form, though, winning the New York Marathon in 2007. She'll be competing in the 2008 Olympics in Beijing. Her future is looking bright. So, yeah, Sun's identity management suite is a bit like that.

Sun's commitment to identity management has been clear to me in a visceral sense for years. However, I never could articulate that importance until about a year back. I was reading the white paper Positioning Federated Identity For The UK Government by Sun's very own Robin Wilton, when suddenly there it was:

Sun's vision and the role of identity

Sun is known for its original corporate vision that “the network is the computer”, a vision since supplemented with the idea of “everything of value connected to the network”. There is a strong
technological dimension to Sun's vision statements - but they are also important for what they imply about identity, authentication, authorisation, access control, trust and privacy. The more we assume that everything of value is connected to the network, the more vital it is that identity, appropriate access and online trust form the foundations of online service provision.

I couldn't have said it better myself. And trust me, I tried. That's it. That's why Sun must succeed in the identity management space. I would say the importance of identity management to Sun is something along these lines:

By hook or by crook, through hell and high water, Sun absolutely, positively must ensure that the identity management available for Sun systems is top notch, best of breed, as good as it gets. Sun's very survival depends on it.

It's an attitude. I imagine that Paula Radcliffe feels driven in a similar fashion. Her very survival isn't at risk, and yet her status as the greatest female runner in the world is. So, in such a situation, you search for what works and you do it. For Sun, it means embracing open source and embracing non-Sun platforms, R&D, acquisitions, blood, sweat, and tears: experiment, tweak, pay attention, analyze, repeat. You don't win them all, but you always keep a can-win attitude, and you learn. Then you go back to the drawing board: experiment, tweak, pay attention, analyze, repeat.

When it comes to web access management, Sun has been very attentive to the market and is incorporating big changes in Federated Access Manager 8.0 and Policy Agent 3.0.

Daniel Raskin explained a great deal of this in two blog entries about the FAM 8 roadmap back in September:

Especially since Access Manager and Federation Manager are being combined in FAM 8, there's a huge emphasis on simplifying the customer experience. I write Policy Agent documentation, and Policy Agent 3.0 is the new version of Policy Agent that coincides with FAM 8. The big, big thing here is that FAM 8 provides centralized agent management with Policy Agent 3.0. This is huge. Customers have had to manage agents one at a time in the deployment container. Still Sun has had a very competitive product. With centralized agent management, Sun is really charging forward. Just saying "centralized agent management" is not enough to explain all the effort going into the agents to make them simpler to manage in so many ways. In time, you will see many things about Policy Agent 3.0 to be happy about. For now, here are a couple links to help you monitor what's going on with Policy Agent 3.0:

That first link above provides a lot of info, including some installation information.

In the Paula Radcliffe analogy, at this time, Sun is running amongst the front runners of the elite pack and is starting to focus on key factors that will launch it out to the very front with room to spare. Therefore, I'd say that in the identity management space, Sun hasn't yet run it's 2 hour 15 minute and 25 second marathon, but it's coming up real soon. Just as I wouldn't bet against Paula Radcliffe in Beijing in 2008, I wouldn't bet against Sun in the identity management space, in fact all indications are that Sun's the endurance athlete to beat in this race.

Monday Jul 09, 2007

Access Manager Policy Agent 2.2 & OpenSSO

I blogged about the OpenSSO project a while back, thusly: Open Source: Access Manager and Beyond

Well, it's not going away. Open source at Sun is for real and identity management has been moving full force ahead into the open source community.

I'm not perfectly clear on the info in this entry. Therefore, I might come back here to change things if I have my facts wrong, which is quite possible. I could use the community's input here more than usual. Please comment on this blog if you think you can help. Thanks.

Introduction to Policy Agent 2.2 & OpenSSO

As goes OpenSSO, so goes Policy Agent: That somewhat cryptic sentence means a few things, but one thing it means is that new happenings with Policy Agent (same for Access Manager and Federation Manager) are showing up on the OpenSSO site first. Discussions, bugs ("bugs" are called "issues" in the OpenSSO project), hints and clues to what's coming up: if they're to be had at all, they are out there.

Let me go over some of the reasons why you might want to continue to read this entry:

  1. To find out what's up and coming in Policy Agent 2.2
  2. To find out about Sun Java System Access Manager Policy Agent 2.2 for Sun Java Web Server 7.0
  3. To get a sense of how open & transparent Policy Agent is, as part of the OpenSSO project
  4. To learn how to get basic (unofficial) Policy Agent 2.2 install instructions for an agent before it's released (or even after it's released).

Being the technical writer for Sun Java System Access Manager Policy Agent, I tend to pay attention to agents in the Policy Agent software set. Well, they've been going open source for a little while now. It seems that all new agents will be part of the OpenSSO project.

So, new agents in the Policy Agent 2.2 software set are open sourced. Conceivably, you could contribute code to these agents. Even those of you who are not interested in contributing code to any of the agents in the Policy Agent software set, might have some interest in seeing what's going on with the upcoming agents.

What's Up and Coming in Policy Agent 2.2

If your question is, "Will a new agent be coming out for the Jin Web Server 12.7 (this is a fictitious web server name)?" Chances are that if the Jin Web Server isn't mentioned on OpenSSO, an agent in the Policy Agent software set will not be available for the Jin Web Server anytime soon. More specifically, if you see agent for Jin Web Server in the Nightly Builds, you'll know that the agent's release is probably imminent. Now, if you will be contributing code to the agents, then you'll love this stuff; but even if you aren't, there's info to be gleaned from this nightly build stuff, so you should at least "like" this stuff.

Policy Agent Builds on the OpenSSO Site

First let me run through how to view/access Nightly Builds in the OpesnSSO project.

The link to the homepage of the OpenSSO project is as follows:

On the Nightly Builds page, in the left column you'll see Nightly Builds under the Downloads heading.

On that page you'll see the following downloadable items:

  • Access Manager
  • Open Federation Library
  • Open Federation
  • J2EE Agents
  • Web Agents

My interest here is in the last two items, "____ Agents." If you click J2EE Agents from that list, you'll get a list of builds. It won't take too many clicks to see, at this point in time, that it's all for "Agent for Sun Application Server." You'll often see a "V9." So, I think it would be safe to say that an agent is coming up soon named something like Policy Agent 2.2 for Sun Java System Application Server 9.SOMETHING, not to be confused with "Sun Java System Access Manager Policy Agent 2.2 for Sun Java System Application Server 9.0 /Web Services," which is an authentication agent specific to web services. So this will be another case where two agents have confusingly similar names.

If you were to look into Web Agents instead, you'd see a few web agents. For example, you could click "latest" on that page to see the latest builds. If you're doing this in July of 2007, one of the agents you should see is "Agent for Sun Java System Web Server 7.0." In fact, that agent is now available for download and I don't mean from the OpenSSO site. It's been promoted from the OpenSSO site (though, still available out there) to the official Sun download site, available from this page: Download Agent for Sun Java System Web Server 7.0

Getting Policy Agent Installation Notes From the OpenSSO Site

But wait a minute, I haven't finished the document for Agent for Sun Java System Web Server 7.0 yet. I guess that just shows how effective this whole open-source thing is. They're getting software out so fast, I can't even get the related official documentation out at the same time. Well, I'm not really sure if that's what it shows, but I do know that the product is officially released and the document isn't.

Fret not (not that you were fretting), I'm going to explain how you can access basic (unofficial) Policy Agent 2.2 install instructions from the OpenSSO site. I'll be specifying Agent for Sun Java System Web Server 7.0, but it won't take much imagination to figure out how to get to the instructions for other agents as they become available.

By the way, moving Policy Agent 2.2 into the OpenSSO world, has had some affect (though relatively minor) on the installation and configuration tasks. Hopefully, it will all be reflected in the documenation; that's the intention, anyway.

Now, let me provide an example of how to navigate through the OpenSSO site to get to the basic installation notes for Sun Java System Access Manager Policy Agent 2.2 for Sun Java Web Server 7.0 (other agents will be accessed in a similar but somewhat different way). This Web Server 7.0 agent example is especially useful (at this time) to those who want some sort of documentation on this agent before the official documentation is released.

  1. Go to
  2. In the left column, select Browse CVS
  3. In the list of files that are displayed, select products/
  4. In the list of files that are displayed, select webagents/
  5. In the list of files that are displayed, select docs/
  6. Select the appropriate platform: Linux, SunOS, SunOS i86pc, WINNT

For both the INSTALL.txt file and the README.txt file, select the revision in the REV column. At this time, the most recent revision is 1.2. The README.txt file is for would-be agent developers. The document explains how to build and compile an agent that you download from the OpenSSO project, with libary and other dependencies described as well. The INSTALL.txt is targeted to people who retrieved the agent from the OpenSSO site. However, the document could be used, in an unofficial capacity mind you, for an agent, for example Agent for Sun Java System Web Server 7.0, downloaded from the official Sun download site.

Though, I've provided the navigation above to these files, the following are direct links to the 1.2 revisions of the README.txt and INSTALL.txt files associated with Agent for Sun Java System Web Server 7.0:

More About Policy Agent and the OpenSSO Project

As more agents get developed through OpenSSO, there will be a greater need to get involved with the OpenSSO project to follow an agent that is of interest to you. This is a good thing. You can track agents better in OpenSSO than those developed prior to OpenSSO because it's open. Now, you have more ways of discussing issues and questions that come up around Policy Agent. You also can track issues (or "bugs" if you prefer that term, but I'm calling them "issues" from here on out) that are filed against an agent.

Viewing Policy Agent Issues in the OpenSSO Project

Can I get a little help here? Please add a comment if you can. It would be great if the community can assist here. Are people looking for issues related to Policy Agent in the OpenSSO project. If so, what works for you?

Issue Tracker is the tool used to file and track issues in the OpenSSO project.

I did the following to search for Policy Agent related issues in Issue Tracker (of course, pick the options that fit your situation. Any tips or suggestions here?):
  1. Visit the OpenSSO homepage.
  2. In the left column, click Issue Tracker.
  3. Click Reports.
  4. Specify options (Examples are provided)
    • View: Open Issues
    • Type: DEFECT
    • Containing: agent
    • Rows: Subcomponent
    • Columns: Priority
  5. Click Generate Report
    You'll see a list of subcomponents. One subcomponent is J2EE agents and one is Web agents. The issues are listed by priority. You can click the number of Total issues for a subcomponent or the number of issues at a certain priority. The following link shows the page generated when one selects the options shown above: An example report, where the goal is to list all Policy Agent issues.

Discussing Policy Agent Amongst the OpenSSO Community

You can get info in a number of ways, as listed in the left column of the OpenSSO homepage under the heading Discussions. There's a also a Discussions web page that provides a bit of a description of the various discussion types. Here's my take on these discussion types:

  • IRC Channel: I don't know much about IRC. The link didn't work for me in the Firefox browser. However, it did work in Mozilla. Nothing was going on at that time. So, I don't know much about IRC.
  • Mailing Lists: There are quite a few mailing lists. In my humble opinion is going to be the most used one. The description is "A general discussion list for the projects end users." I visited the "View mailing list archive" link. From there, I clicked around and saw that Policy Agent issues are discussed, mixed in with other topics.
  • Wiki: Well, there's something about an OpenSSO Setup out there. It mentions Apache agent. So, there's that. I don't have anything else to say about that.
  • Forums: At this time, the click you make into "Forums" basically just gives you the following description: "General discussion on opensso not covered by other forums." Actually, I've added a link to the OpenSSO forum in the right column of this blog. Anyway, back to the OpenSSO site, if you click General you'll see lots of "Subjects," some of them are about Policy Agent. This is good stuff.

Friday May 18, 2007

Sun is way ahead of the open source curve (maybe)

I like the following quote:

"So far, it has taken Sun about three years to get to the point it’s at in the big transition. If other companies follow and it takes as long, could that lead to an advantage for Sun as a company that’s ready to get on with it?"

The quote comes from David Berlind of ZDNET in his blog. The blog entry basically explains the accompanying podcast. David interviewed (in MP3 format) analyst James Governor of RedMonk. Both of these guys blogged about the interview. You can access the interview and listen to it from both of their blogs:

  1. David Berlind's Blog
  2. James Governor's Blog

They talk about a few things, but Sun gets a decent amount of attention in the second half of the interview. I would say their attitude toward Sun is controlled enthusiasm. To me it seems they're both giddy about Sun's open source approach of late.

They throw in the appropriate disclaimers, but in their conversation Sun was sounding real intelligent.

Of course, I'm always listening for anything about identity management. That's where James said he wanted to see Sun do more. It was just one quick sentence. I'd like to know "More in what areas of identity management and why?" I mean, how is Sun lacking? I hear things like this from time to time, but I'm not sure if the analysts who say such things have ideas where Sun is missing out. In James' case, I'm sure he has very clear ideas of what Sun should be doing, but I don't know exactly what those ideas are.

Anyway, I took the interview to be very, very positive. Unfortunately, it means we have to work extremely hard now. I say that because whenever there's positive news about Sun, immediatley somebody says, "Yeah, but we still have a lot more work to do." This time I wanted to say it before somebody else did.


What does this box do?


« February 2017