Hack through OpenSSO?
By webshesh on Nov 01, 2006
Yeah, I call this interesting because it highlights something very important - "Open Source means different things to different people" ! Hey, There is Open Solaris out there. So can someone break into my Trusted Solaris implementation ? Is the word "Impossible" too harsh ....? There was a good number of responses to the OpenSSO question; of course, I agree with each one of those responses. As someone rightly pointed out, the DES encryption algorithm is open sourced, but it does not mean a hacker can break into a Security infrastructure based on DES. So, I guess the point is - Geeks understand the benefits of Open Source and realise the developer perspective to Open Source. But, when a Business case is written for a specific implementation and an Open Source product flashes in the radar, paranoia sets in. I guess, the points that needs to be stressed here is that it is more of a benefit for an Enterprise which implements Access Management to know the inner details of how the product works. It helps better understand the capabilities of the product and also drives a "planned" customization and any strategic enhancement initiatives. An OpenSSO does everything any other Closed-Source Access Management product can do, except that the code is available to public so that "you" how it all works and also lets "you" -the customer's developers- decide what more you want to do with it. Well, Linux today is no less user-friendly than 'any other' OS. What made this possible? ..Of course, the contribution from the community. So, again : http://opensso.dev.java.net