Tuesday Nov 17, 2009

Moving OnTo Something New...

It's quite hard to write goodbye blog posts or emails, and here I find myself embarking on such a task. It's always hard to say goodbye, but sometimes it needs to be said just to bring some closure.

It's been a extremely interesting ride for me at Sun over the last 9 years as a contractor and an employee. They say, 'once a unix geek, always a unix geek'. Well, for me it's kinda slightly different, it's "once a sun geek, always a sun geek". The spirit lives on. It's easy to take a geek out of sun, but It would be very hard to take the "sun" outta a geek !

As I type this post with a rock on my chest, I also breathe a sigh of relief. A sigh of relief from the topsy-turvy ride we have all been on for a long long time. I've lived through several RIF's and survived them all... And now I find myself making this bold move of moving out and onwards on my own.

I think it's time for me to take my destiny into my own hands, and carve out my own future. It's high time I pursue my dreams, and am moving on from here to pursue that dream.

I've have had the opportunity to work alongside some of the industry's most brilliant, coolest and fun'est folks, the opportunity to live and learn new technologies, the opportunity to work for a company that had a vision, a true vision ! These moments will be cherished forever.

In the last several months i've been involved in some fascinating projects which span healthcare, banking and telecommunications verticals. The lessons learnt have been simply wonderful (both on a technical and personal note).

I am sure all our paths would cross again, and having said that I'd prefer to not say goodbye but rather use a line from an old Bollywood favorite of mine "DASVIDANIYA" (from the movie Mera Naam Joker), which means "Until We Meet Again".

Now, before any of you jump to any conclusions or concoct any conspiracy theories, the reasons for me moving on are quite simple. I am moving on to carve out my own future. I shall be a continuing my participation on the advisory board of BastionHost. Apart from this, my primary day-job would be quite different from what I've been used to all along. I'm finally switching gears from my telecommute role that Ive been so used to over the years, to work behind a desk and be involved in spearheading the development of SaaS enabled infrastructures for the wealth management sector.

Sometimes in life one comes by opportunities that are rare, and if one does not act upon them regret is all one be left with, and that is something I refuse to live with.

If you would like to continue being in touch, you can follow my ramblings on tumblr. I am always available through Facebook, LinkedIn and twitter. I could also be reached via email at rohan[@]rohanpinto[.]com.

Last but not the least, I'm not gone yet.. ! I would be continuing in my role at Sun until the end of the month. From now on until then I'll be tying up loose ends and enabling transition what I currently have on my plate on to other folks on my team. (and I hope to make the MOST of the time I spend with my colleagues during this time).

For all those folks in the Identity Practice... I will be hanging around this arena of technology for a quite while folks, So Stay Strong, Live Large, and do keep in touch. You will find my continued participation in the OpenSSO and OpenDS Alias's. I am not sure whats gonna happen to these product lines after the Oracle Acquisition, but regardless of the outcome, lets keep the community going and the continue contributing to the project. I know "I Will", I hope you will too...

This blog at Sun Microsystems will no longer be updated.

Saturday Nov 29, 2008

OpenSSO Complex Deployment

This series of videos are video captures of the course below. There is no sound for now, but this will be added at a later date.

From http://slslabs.sun.com/course/wspl-am-3508-d
Deploying OpenSSO servers in a simple environment is trivially easy. But throw secure sockets layer (SSL), load balancers, multiple servers, session failover, and Policy Agents into the mix, and deployment becomes a little more complex.

The OpenSSO Deployment course - a series of five downloadable, self-paced labs - takes you through a complex OpenSSO deployment. You deploy two Apache Tomcat servers, SSL-enable them, install a software load balancer, install OpenSSO into the environment, and configure OpenSSO for session failover. Then you install an example web server and an example application server, and install Policy Agent software to see how OpenSSO protects web sites and JavaTM 2 Platform, Enterprise Edition (J2EETM) applications.

This course uses OpenSSO Build 4.5, which provides identical functionality to OpenSSO Express Build 5. Other deployment components include Apache Tomcat version 6.0.14, Sun Java System Web Server version 7.0, and GlassFishTM application server version 2.

OpenSSO Complex Deployment Lab 1 Exercise 1

OpenSSO Complex Deployment Lab 1 Exercise 2

OpenSSO Complex Deployment Lab 1 Exercise 3

Friday Nov 14, 2008

Layoffs = Change ?

with this announcement : http://www.sun.com/aboutsun/pr/2008-11/sunflash.20081114.1.xml
- we take yet another step towards "change".

Do I see any change ? yes! of course I do. and here's what I see.

As part of today's actions, Sun's Board of Directors has approved a restructuring plan aimed at reducing costs by approximately $700 to $800 million annually. The plan includes a reduction of approximately 5,000 to 6,000 employees, representing approximately 15% to 18% of the Company's global workforce.

"reducing costs by approximately $700 to $800 million annually"

Sun expects to incur total charges in the range of $500 to $600 million over the next twelve months in connection with the plan, of which it expects to incur approximately $375 to $450 million within its current fiscal year 2009.

"Sun expects to incur total charges in the range of $500 to $600 million over the next twelve months"

- so... Am I reading this right ? or have i missed something ? Sometimes all of us see what we wanna see and tend to ignore the bigger picture. Like every other human being, I'm trying to see the bigger picture myself. Yet; however my blindfolds compel me to see what I wanna see. I guess It's time to take those blindfolds off as see the "bigger" picture :

Sun's new software alignments include the formation of two new business groups and a new group within Sun's existing Systems business:

Application Platform Software: Executive Vice President, Anil Gadre, will move from his position as Chief Marketing Officer to lead this newly formed group. Charged with creating the highest value modern software business in the industry, the unit will build on Sun's open source leadership position to capitalize on the global market's demand for open application platforms for everything from databases to business integration services on servers, desktops and handheld devices. This includes the entirety of Sun's Java technology franchise, MySQL open source database products, as well as Software Infrastructure including the widely adopted GlassFish Application Server and leading Identity management products. This group will also include the Sun Learning Services organization.
Systems Platforms: Under the leadership of Executive Vice President, John Fowler, Sun's Solaris, Virtualization (including xVM and VirtualBox), and Systems Management Software teams join the Systems organization to deliver highly differentiated and optimized computing, storage and networking systems. Unlike any other technology provider on earth, Sun will be uniquely positioned to leverage its open OS leadership and virtualization portfolio to create durable competitive advantage for Sun's systems business, and category-shifting innovations for customers. The recently announced 7000-series of Open Storage products, leveraging open source ZFS technology, DTrace analytics, superior management capability, and unique storage engineering are only the beginning of this deep systems roadmap.
Cloud Computing & Developer Platforms: Working across all of Sun, Senior Vice President, Dave Douglas, will lead the Company's efforts to capitalize on two trends: the increasing shift of customer and developer focus to web-based cloud services and Sun's already established leadership position in the space through Network.com, the NetBeans developer platform, and the StarOffice portfolio. The unit will build upon Sun's existing online developer community - one of the world's largest - to firmly establish the company as a leader in cloud computing and grow this area into a significant driver of future revenues.

Wednesday Oct 29, 2008

WS-Federation is adopting SAML v2 metadata

WS-Federation is adopting SAML 2.0 metadata when it releases WS-Federation 1.2. OpenSSO uses WS-Fed 1.1 metadata which is now deprecated. Expect to see an openSSO release soon that will adopt WS-Fed 1.2


Thursday Oct 16, 2008

Security Awareness Requirement for Web Application Developers

“Secure web application development has become imperative due to the new PCI-DSS mandate. Companies who choose to adopt the form of training offered by SCIPP will benefit from a trustworthy yet cost-effective security awareness program.”

~Howard A. Schmidt, former CISO for Microsoft and ebay, SCIPP Advisory Board Member

A free webinar on "Security Awareness Requirement for Web Application Developers"

WHEN: Wednesday, October 22, 2008

TIME: 1:30pm - 2:00pm EST

TOPIC: "PCI-DSS ALERT: Complying with the NEW Mandatory Security Awareness Requirement for Web Application Developers"

PRESENTER: Dow Williamson, CISSP, Executive Director.

CHANNEL: IT Certification and Training

Webinar: http://www.brighttalk.com/webcasts/1220/attend

How Important is Security ?

Estimates Put T.J. Maxx Security Fiasco At $4.5 Billion

The security Breach at TJX Companies Inc. could cost the company $100 per lost record, or a total of $4.5 billion, according to the calculations of a database security company.

NY Bank ‘loses’ 4.5M unencrypted customer records
In yet another unbelievable story of data irresponsibility, the Bank of New York (BNY) Mellon lost two sets of unencrypted backup tapes containing private data belonging to 4.5 million individuals. Third-party vendors misplaced the tapes during transport to off-site locations. According to the bank, the tapes "included shareowner and plan participant account information, such as name, mailing address, social security number, and transaction activity."

Save the Date attend the webinar on the 10th of October 2008 @ 1:30 PM EST.

Monday Oct 13, 2008

OpenDS in under 3 minutes

Nick Wooler the product line manager for the directory services team has posted a screencast on installing OpenDS in under 3 minutes !!! This screencast is a must watch.

watch the simplicity of the entire installation process. It's simply awesome. The entire install including pre-populating OpenDS with 2000 simulated/sample entries was done in under 3 minutes in 5 extremely simple steps. (it takes longer to boil an egg)

User Experience DOES matter.

... and if you liked the soundtrack used in the screencast.. it's "Light & Day / Reach for the Sun" by The Polyphonic Spree feel free to download it from iTunes. (thanks shazam). And for pine-apples... here's the YouTube full length video (which is also under 3 minutes) :

Sunday Oct 12, 2008

XACML - Declarative Access Control

Web applications need access control. I'm not gonna justify that fact. All web applications have the ability where you can restrict access to the resources that reside on it by simply modifying the deployment descriptors (web.xml). This method is called declarative security or declarative access control. Well, but does this really suffice ?

Well, say hello to XACML. XACML stands for eXtensible Access Control Markup Language.

It is a declarative access control policy language implemented in XML and a processing model, describing how to interpret the policies.

If you had followed what Daniel Raskins had said from a long time ago, about supporting XACML, well, here it is. OpenSSO now has XACML support.
Support for XACML allows our customers to share access control policies across corporate boundaries and offers more dynamic standards-based tools for creating federated mashups. As a result, our customers can continue to expand their business reach while using open-standards to enforce security decisions and minimize security risk.

The OpenSSO codebase also has a XACML client sample which you could download, compile and run in a few clicks.

Please Note: This is NOT sunxacml. sunxacml is implementation of XACML 2.0 specifications from sun labs. This does not have support for SAML2.0 profile of XACML 2.0 and is not part of OpenSSO.

OpenSSO XACML implements SAML2.0 Profile of XACML2.0 - supporting XACMLAuthzDecisionQuery and XACMLAuthzDecisionStatement. PEP makes XAML2.0/SAML2.0/SOAP request to PDP and gets response. The OpenSSO XACML client sample is a remote client library that could be used by an application to make XACML calls to PDP.

The returned XACMLAuthzDecisionStatement has XACML Response, Result, Decision and so forth. The OpenSSO XACML implementation leverages SAML2.0 capability of OpenSSO to manage SAML2 metadata of PDP and PEP and exchange SAML messages.

Here's a simple 5 step guide to running the XACML client and testing it with opensso.

  • get the OpenSSO.zip, extract and get the opensso-client.zip under samples directory

  • extract the opensso-client.zip, and goto "sdk" subdirectory

  • follow the README file to setup the samples

  • follow the instruction in scripts/run-xacml-client-sample.sh to setup the XACML.

I hope this post has been helpful. Cheers and enjoy building applications that use XACML !! interoperability rocks!!


Well, a lot of folks ask me often if I have fun @ sun. Well, there's TONS of reasons why I love this place. and one small reason being the fun!!. Our execs don't stop at just making sun a fun place to work at, in addition to the fun@sun perks ! they go all out !!! Here's video about Jonathan Schwartz getting "pwned" !!!

We sure know how to have fun @ sun !!!! and we LOVE IT !!!

~if you love what you do, everything is fun !

A Googly MySQL Cluster Talk

Here's a video about mySQL ndbcluster presented during google tech talk. The presenter is Stewart Smith who works for MySQL AB as a software engineer working on MySQL Cluster. He is an active member of the free and open source software community, especially in Australia.

Part 1 - Introduction to MySQL Cluster The NDB storage engine (MySQL Cluster) is a high-availability storage engine for MySQL. It provides synchronous replication between storage nodes and many mysql servers having a consistent view of the database. In 4.1 and 5.0 it's a main memory database, but in 5.1 non-indexed attributes can be stored on disk. NDB also provides a lot of determinism in system resource usage. I'll talk a bit about that.

Saturday Oct 11, 2008

What is Identity Management?

Explore how Sun can help you manage, audit, protect, share, and store identity data.

Click here to watch the webcast


for everything on Identity, JCAPS, SOA, WebServices, Security, Single Signon, Federation, Provisioning, Virtualization, Optimization, Debugging, Workflows, Compliance, MySQL and more... WAY MORE....

[this is a group blog]


« July 2016