Tuesday Apr 27, 2010

Iron Man, Identity Security and the Cloud

If you are a security expert and you have not been to the new Oracle Iron Man 2 website, you have to take a look at the cool demo site listed under "Stark Expo".  The intro has a great security questionnaire on security in the cloud in a cutting-edge interface.  If you read yesterday's blog and went to the Iron-Clad Cloud: Secure Cloud Computing article in the new Security Newsletter, you were able to get an insight into ways Oracle can help secure the cloud.  You will also do well on the questionnaire at "Stark Expo".

Go check it out!

In Iron Man 2, Oracle is a proud sponsor of Stark Expo, a world-class tradeshow that depends on a cloud computing architecture to ensure that all systems are free from overload. And that’s where you come in: by becoming a Master Cloud Operative, you’ll help keep Stark Expo up and running. Complete your training, test your troubleshooting skills, and get certified in the Oracle Pavilion.

Tuesday Sep 16, 2008

Register to see Mr. Winky, The IdentiCat, Introduce OpenSSO Enterprise 8 in SecondLife

I have been reading Daniel Raskin, aka The Smoking Monkey (Ask Mr. Cote why), Pat Patterson and Mr. Dixon's posts recently and I thought that things were getting very interesting in the Identity space at Sun.  The phenomenon of the IdentiCat has caused interesting questions to be raised about the role of identity as related to the Yeti, BigFoot and now the IdentiCat.  I saw this offer to register for a presentation in SecondLife.  I am going to be there to find out what this is all about.

Mr. Winky, The IdentiCat will be giving an overview of OpenSSO Enterprise 8 in SecondLife on September 30 at 8:00am PST.  You can register for the presentation here.

The IdentiCat is rumored to outnumber the Yeti and BigFoot throughout the world.  It is just not as big or is commonly confused with Tigger (Image to the Right provided by Disney) or Tony the Tiger.  As a result there is not as much press that is generated because sightings often result in "back away from the sugar cereal" comments.  It has even resulted in some people wanting to ban or limit the use of sugar cereals by children lest they start to proclaim they had actually seen an IdentiCat.

The real IdentiCat has come out to set the record straight.  It is refreshing that we are able to get the truth about this confusion and be able to see the true IdentiCat.  At the same time it is fitting to have Mr. Winky explain what great features will be available in the OpenSSO Enterprise 8 release.  The juxtaposition of identity protection and revealing the IdentiCat now that he is ready to reveal himself attests to the security capabilities of OpenSSO Enterprise 8.  I hope to see you all in SecondLife.

Monday Aug 04, 2008

15 Minute Rule and OpenSSO

Marten Mickos talks frequently about a 15 minute rule at MySQL, which refers to their rule that customers should be able to download, install and start using the product within 15 minutes.  This is a model built for developers that live on the web, whether at work or in their everyday life.  OpenSSO has focused on improving its user experience and we are excited about a number of the workflows that have been developed that make Federating much easier.  However, I was on a recent call with a very big customer and I was talking about OpenSSO and how to participate in our Early Access program (I will blog later this week about the EA program but watch this page).  As I was talking, the customer piped in, "I just downloaded and installed while you were talking and will start evaluating the upgrade documentation."  I have blogged in the past that we have tried to make the product easy and effective to install within 15 minutes.  I had some empirical and positive feedback that I wanted to share.  Download and try installing for yourself and let me know if you can do it in 15 minutes.

Download at OpenSSO.org here
Installation instructions are here

 Also, Sidharth Mishra, who is a great colleague of mine, has put together a great summary installation guide on Glassfish.  You can read it here.

Friday Aug 01, 2008

Tired Of Managing Agents?

Tired of managing agents in your infrastructure?  OpenSSO provides a great way to reduce the number of agents that you have to manage in your application infrastructure.  Aravindan Ranganathan, a Technical Architect on the Sun team, wrote a great article on how to use the Identity Services that are available in OpenSSO to include security in your applications.  This article focuses on Single-Sign-On and Sign-Out, but this is the fourth in the series focused on Identity Services.  You can look at the other articles here:

The article goes into great technical depth on how to do the following:

Identity Services are important in a number of ways for customers looking for a Web Access Management solution.  They not only allow customers to build security into applications and reduce the number of agents they have to manage; they also give customers an architecture for better integration into their application architecture, ultimately giving them more choice.  When you create enterprise software you have to design for a number of different environments.  The ability to access these services gives customers the maximum amount of choice, and choice leads to lower costs and higher value.

Lastly, I wanted to thank Marina Sum and her team for these great articles on OpenSSO.  The content and technical detail are valuable to the community.

Tuesday Jul 29, 2008

OpenDS 1.0 Embedded in OpenSSO Express

And the fun continues!  OpenDS announced this week the launch of OpenDS 1.0.  I was speaking with Kevin LeMay, who gave me a quick rundown on what OpenDS SE 1.0 is.  He said "Sun OpenDS SE 1.0 is a high-performance, highly-extensible, pure Java directory server that delivers a fully compliant LDAPv3 server that passes all of the compliance, interoperability and security test suites. Furthermore, Sun OpenDS SE 1.0 implements most of the standard and experimental LDAP extensions defined in the IETF as RFCs or Internet-Drafts, ensuring maximum interoperability with LDAP client applications."  You can get more information here on OpenDS SE 1.0.

This matters as product teams have struggled with how to embed configuration information or policy stores for products that need to manage identity information.  OpenSSO embeds the community version of OpenDS for exactly this purpose.  Not only is it 100% Java, but it is very performant and standards based.  OpenSSO uses OpenDS to manage configuration data under the covers; it also allows developers who are installing for evaluation purposes, or who want to get a quick POC up and running, to use it as an identity store (not an architecture we support in production).  However, it gives developers and customers options, which is what Open Source is all about.

You can get in-depth information about the architecture of OpenSSO here.  In this document, where it refers to the configuration store, we are referring to OpenDS.

Also, as I was researching this piece I found this interesting post at the JBoss Portal Wiki.  It describes the installation and configuration steps for their portal using OpenDS as the directory and OpenSSO as the Web Access Management solution.  Looks interesting but I have not tried it myself.

Monday Jul 28, 2008

OpenSSO Express from the trenches

OpenSSO Express has had a fun first week.  Sun is announcing that it will now provide comprehensive support and indemnification for OpenSSO.  This will be called OpenSSO Express.  OpenSSO is the world's largest open source identity project that provides fully featured single sign-on, federation management and web services security capabilities in a single Java distribution. Customers who purchase Access Manager, the current release of Sun's commercial version of OpenSSO, are now entitled to both support and indemnification for OpenSSO through OpenSSO Express.  This move is in response to demand from both Sun Access Manager customers and OpenSSO community members who requested support for OpenSSO rather than waiting for the next commercial product release.

Some of you may have seen my article on SDN where we explained the new model to the developer community.  You can read the entire text here.  I work with Marina Sum who is a great writer but more importantly a valued manager who kept an eye on the detail of the article.  She is a great asset to Sun and you can read the text here.

Also, if you haven't seen Daniel's blog lately you should see his new moniker (The Smoking Monkey).  This was derived from the work that was done on the teaser campaign for the Fedlet.  However, it was Cote who gave him the name.  You should read his blog regularly because not only does he cover the identity space but he also has a deep background in System Management, and you can see from his blog title he has his priorities in order.  If you ever get a chance, ask him whether he has ever seen a man walking a cat on a leash.

This is how Sun defines the different releases in the OpenSSO Community.

 Release  Name  Definition
OpenSSO Periodic or Nightly Build
Nightly builds of OpenSSO that customers can download but can only get support from the community via IRC, email or documentation.
 Open Source Supported
Sun OpenSSO Express build
Periodic builds (e.g. released every one to two months) for which Sun will provide support to customers that have purchased a license and a valid support contract.

Sun Java System Access Manager

Sun Java System Federation Manager

Commercially supported release of OpenSSO.  Sun continues to support backwards compatibility and the current release plus the previous two versions for customers.  Customers can get long term support for their production deployments from Sun.

Here is a picture which describes the new release model.  Sun will provide support for the latest OpenSSO Express build and the previous build (e.g. latest minus one).

This is another move by Sun to align naming and policy across its OSS projects.  It is important because it gives customers choice.  Customers can choose to start projects earlier without having to ask their sales guy for an "early access" version of the software that may or may not be tested by a proprietary software vendor.  OpenSSO has 80% of its code covered by automated test cases.  Additionally, customers that are ready to go to production today can monetize those projects within their business models.  This means they can make money today with the knowledge that Sun is there to support their business.  This gives customers choice and opportunity which they did not have last week.

We are excited about what this does for our customers.

Friday Jul 25, 2008

Single Sign-On Summit: First Day Recap

The OpenSSO team are in Keystone, CO this week for the first annual Single Sign-On Summit.  The event is very focused on the issues of Single-Sign-On and Federation.  There are approximately 110 attendees, so it is very intimate, which has resulted in a number of very good conversations.  The agenda was very well organized and started with a historical overview of the last 20 years of industry issues associated with Single-Sign-On.  Andrew Cameron gave a riveting overview of the keys to getting executive buy-in during an SSO and Federation project.  The day ended with small group sessions with some lively conversations about what is going on in Europe with identity cards and how government portals are using them to provide Single-Sign-On across a number of government entities.  A good example of this is the work that Sun did with Norway.no.  A case study on this can be found here.

The day ended with a tremendous dinner at the Ranch where we were able to continue some of the great conversations about the challenges and success characteristics of federation and SSO implementations.  One customer that was at the event shared the challenges they had in integrating a number of service providers globally with very diverse IT capabilities.  The Fedlet was a great piece of technology that could have helped.  Additionally, a discussion ensued between this customer and Covisint, whose identity services provide small service providers a platform to connect to as an intermediary to the big enterprise.

Pictures to come.

Wednesday Jul 23, 2008

OpenSSO Express: Start your Federation project today with support from Sun

Today Sun announced the availability of OpenSSO Express.  OpenSSO Express allows any customer with an existing license and support contract for Java ES, Identity Management Suite, Access Manager or Federation Manager to also get support from Sun for OpenSSO Express.  This is game changing as it allows customers to use the latest innovations from the OpenSSO community while knowing that they have a company with the global reach and support of Sun behind their efforts.  I will borrow a line from Jonathan Schwartz and Rich Green in an article in eweek earlier this year.  Companies that have more time than money can still get OpenSSO for free and use it with support from the community.  However, companies that have more money than time can look to Sun to provide support and allow them to focus on the innovations that differentiate their products or business in the market.

You can read more about the announcement here.

You can download the software here.

Monday Jul 21, 2008

Microsoft Zermatt Gives Developers better WS\* and ADFS Support

Microsoft released Zermatt, a new developer-focused framework for .Net application development.  Microsoft is trying to help customers who have .Net applications to do the following:

  • Building claims-aware applications
  • Building Security Token Services (STS)
  • Creating Information Cards
  • ASP.NET Controls 

Felix Gaehtgens has written a nice review here of the technology and the business impact of the release.  One of the claims that he makes is that this release will also allow organizations to create their own custom Secure Token Service (STS).

"The white paper released by Microsoft, together with the Zermatt software and programming examples also explains how to build a custom STS. The groundwork is all done by the Zermatt library, and therefore allows a developer to concentrate on writing the actual business logic to enable the trust relationships. The documentation hints towards significant new STS features in Microsoft's upcoming next release of ADFS and suggests that the best approach for most organisations is to buy a STS, and not build - however for those who need to build, the framework is there in Zermatt ready to be unleashed. "

Another approach is to use the STS that is in OpenSSO.  The Secure Token Service in OpenSSO provides for standards-based creation, validation, and translation of standards-based tokens and proprietary tokens such as those of Oracle Access Manager and CA SiteMinder.  It is a flexible solution that can be deployed with OpenSSO's access management and federation services, or it can be deployed standalone to support 3rd party web access management and federation solutions and XML gateways.  You can read more about the capabilities of OpenSSO STS at the OpenSSO Wiki or in the design documents with the OpenSSO project here (there is also a nice presentation here).

Felix goes on to say the following about vendors shipping their own STS.

What is the impact of Zermatt for the industry? Within the Microsoft environment, this is an incentive for developers to make their applications claims-aware, and to use the new features that WS-\* brings. It is therefore realistic to expect more applications becoming ready for federation in the near future, and an impetus for SOA developers to draw on identity information through WS-\*. Although the Zermatt framework is very specific to the Microsoft environment it may be likely to see similar efforts being made on other platforms. Most likely, existing frameworks might be extended to make the processing or claims easier in other environments, and provide foundations to build secure token servers in an easier way than done today. Kuppinger Cole also expects that vendors will soon start shipping their own shrink wrapped STS. As Microsoft is expected to significantly upgrade ADFS in the next release, we also expect opportunities for companies to harness ADFS's customisation and plug-in capabilities to create value-added add-ons, similar to what Omada has done for Microsoft's ILM.

As OpenSSO provides an STS that works with .Net and Java based platforms we are excited about how the marketing is evolving in the space of Web Services Security.  Don't wait to start your project.  Download it today at OpenSSO.org.

Thursday Jul 03, 2008

Salesforce Supports SAML--Standards Matter

Salesforce.com announced recently that they will support SAML in their product.  You can read their blog post here.  This is great news for companies that have a Web Access Management solution like OpenSSO that has comprehensive support of the SAML standards.  As more companies use companies like Salesforce.com to provide critical CRM functionality for their enterprise (Fortune 500 or SMBs), they can leverage their Single-Sign-On infrastructure appropriately.  Why does this matter?

This announcement is important because it allows an enterprise to provide Single-Sign-On with important vendors like Salesforce.com.  It also allows enterprises to control which attributes they pass to these important vendors without sending their username or password via the internet to the partner.  This allows the enterprise to remain agile and pick vendors that provide competitive advantages, as in the case of Salesforce or SugarCRM.  Most importantly, as relationships change more quickly, this standards approach makes changing and switching vendors easier when necessary for business reasons.  This allows IT to be an enabler of strategic relationships rather than a blocker in the enterprise.

Standards matter!

Thursday Jun 19, 2008

Identity Interoperability Is Important

I always wanted to create a tongue twister so there you have it.  Identity Interoperability Is Important.  Computer, the magazine, is seeking articles for their April 2009 issue on interoperable identity-management systems.  I wonder if they will get an article from Sun.  Kenji Takahashi, takahashi.kenji_at_lab.ntt.co.jp, submitted the request to the Concordia project mailing list.  If you are not already signed up to receive the emails or are not part of the team, please sign up here.

Call for articles for Computer
Computer seeks articles for an April 2009 theme issue on interoperable
identity-management systems.

Today, broadband access contributes to the sustained development of
service-oriented economies. Opportunistic, automated transactions
require accurate and trustworthy exchange of information about the
parties, while personal information is used to
commit to legally binding transactions and to permit customized service
offerings. The use of personally identifiable attributes constituting
digital identity is becoming an integral part of B2B and B2C processes
and of many online social activities.

The guest editors solicit papers that address practical concerns,
explore leading-edge engineering advances, envision shifts in computing
paradigms in the area of interoperable IdM systems, and investigate
expected social impacts.

[Submission Due]
Paper submissions are due by 15 September.

[Submission Instructions]
Complete submission instructions are available at

Direct inquiries to guest editors:
Piotr Pacyna, pacyna_at_kt.agh.edu.pl
Anthony Rutkowski, trutkowski_at_verisign.com
Amardeo Sarma, sarma_at_netlab.nec.de
Kenji Takahashi, takahashi.kenji_at_lab.ntt.co.jp

Interoperability---Project Concordia and Oasis adds SAML

As Federated Identity starts to take off in the Web Access Management market segment, there are a number of standards bodies that you need to stay in touch with.  Of course, the mandatory OASIS and Liberty.org projects are great.  I am specifically impressed with the standards validation that the Drummond Group did on behalf of Liberty Alliance Project.  See the full report here.

Additionally, Eve Maler--XML Girl--facilitates a project called Concordia.  This project is focused on driving interoperability between the different standards bodies.  This was built out of a passion and tremendous experience that Eve brings to the table, as she has worked on behalf of Sun within the Microsoft partnership on interoperability.  There is some great work that has come out of that and you can read about it on Eve's Blog here.

SDN Gets Facelift

Check out the new facelift for the SDN Channel at Sun.  It has some great new features and uses the Roller as part of the infrastructure to get new interactive blog features for users.  Here is what was broadcast to us at Sun about the new release:


You will notice the same great content, but with a sleek new look and easier navigation!

The SDN Channel is the "one stop shop" for all developer multimedia and is now organized into 4 distinct shows:

• Developer TV -  A 5 - 7 minute vodcast with technical overview of the latest developer news and trends.  This show features technology discussions with industry experts and developers.  Learn about emerging technologies and how they are being used.

• Tech Deep Dives - The "How To" show.  This is a 20 minute vodcast with in-depth technical interviews with experts.  It includes detailed technology demonstrations and the hands-on development experience.

• SDN on the Road -  This informal audiocast includes interviews capturing highlights from industry tech events and conferences.  Hear first-hand from industry luminaries, presenters and attendees.  Find out what developers are saying and how they are using the latest technology.

• CampusCast  - This popular audio podcast series features interviews with Campus Ambassadors worldwide.  Hear straight from students about the latest technology trends and research projects that are happening across universities and college campuses!

In addition, The SDN Channel now has a new "What's Hot" section and "Show Guide" providing easier navigation through the SDN Channel multimedia library.

By building new templates and incorporating the latest features, we were able to maximize Roller technology and deliver a very stable, state of the art, dynamic blog that will scale.

Wednesday Jun 11, 2008

Performance and Scalability on FAM/OpenSSO Wiki

Who knew?  Who knew that FAM could support approximately 50,000 concurrent logins per site?  We had a call with a customer today that asked about the performance and scalability capabilities of the current Access Manager 7.1 product.  We are in the midst of doing performance and scalability testing for the current OpenSSO product so stay tuned for those results.  We were able to point the customer to a number of documents that describe tuning that customers can do to maximize performance of the product.  You can find that documentation here.

Who knew?  Who knew that OpenSSO and FAM 8.0 have started a wiki to collect and disseminate some of the new information that is being delivered via our new wiki here?  You can get the following types of assets at this wiki: Videos, FAQs, Support Dashboards, Architecture Overview.

Tuesday Jun 10, 2008

Product Management OpenSSO FAM

I was just in Boston for a meeting with the product managers about our upcoming plans for OpenSSO, FAM, Identity Management and Role Manager at Sun.  All I can say is that there are some exciting things happening and I get to work with a dynamic group of people.  I was finally able to meet Nick Crown, who is running the GRC and Role Management product at Sun.  It was nice to put a face with a name, as I am one of the lucky people at Sun that gets to work from home in Monterey, and although I have interacted with Nick via the phone, IM and Skype, it was the first time I had a chance to meet Nick in person.  Here is a recent article that Nick and Mark Herring have written on how Role Manager and our Identity Management solutions fit into an IT GRC strategy.

While in Boston we got a chance to meet Andras Cse.  We were able to brief him on some of our upcoming plans and he told us about some of the research that he will be releasing later this quarter on Role Manager.  

Boston is a great city but I have to root for my Lakers even though they are down 2-0.  However, we are back in LA so a little home cooking will do us good.


Sharing 12 years of technology experience as developer, product and program manager, and marketing director. Identity Management, Security, and Product Management issues occupy my mind during the working day. Water Polo keeps me healthy.

