Thursday Dec 11, 2008

Sun Directory Server Provides Infrastructure for Energy Innovators and to Help Reduce Cost

As President-elect Obama announced his Energy Team yesterday, I was excited for two reasons.  One, Steven Chu is a Californian from Lawrence Berkeley National Laboratory and it is nice to see local citizens playing National and Global roles improving our environment.  Two, I am proud to work at Sun because a large number of the energy innovators like Argonne Laboratory, which is also a part of the Department of Energy, are using Sun's Software to provide the backbone of innovation within these organizations.  

Argonne Laboratory uses Directory Server Enterprise Edition to power their collaboration infrastructure.  They also use MySQL, JavaES, OpenSSO Enterprise and Virtualization (e.g. xVM Server) to power their innovation.  You can see a great video with David Salbego, Director of IT Infrastructure at Argonne National Labs regarding his experience and business benefits resulting from Sun solutions. 

BC Hydro also used OpenSSO Enterprise and Directory Server to reduce cost of providing a web portal for their customers to get interact with their organization.  They reduced the use of paper and conserved resources for our environment.  You can read about the solution here.

Wednesday Dec 10, 2008

Socialnetworking Not Immune as Facebook Is Hit By Koobface

If you are a Facebook user that has received some crazy emails recently from "friends" with enticing subject lines to click on a video or picture should think twice before clicking the link.  The Koobface virus has rared it's ugly head again and for some in the eweek article posted here have had to throw out their PC's because of being infected.  Facebook has been great about identifying scams and exploits and maintains this page for users to get information about their security.  

In the interest of spreading the word and propagating good usage of the internet:

Here are some ways to be smart and aware on Facebook:

  • If a link or message seems weird, don't click on it. This is true of all spam—whether a chain letter, an ad, or a phishing scam. If it seems weird for an old friend to write on your Wall and post a link, that friend may have gotten phished. Let the person know, and don't click on links you don't trust.

  • Be aware of where you enter your password. Just because a page on the Internet looks like Facebook, it doesn't mean it is. Learn to tell the difference between a good link and a bad one.

  • Report any spam or abuse you see on discussion boards and Walls. Those report links are there for a reason. The sooner we find spam, the sooner we can remove it and eliminate spammers from the site.

  • Don't use the same password on Facebook that you use in other places on the web. If you do this, phishers or hackers who gain access to one of your accounts will easily be able to access your others too. You might find yourself locked out of your email and even your bank account.

  • Never share your password with anyone. Don't do it. Facebook will never ask for your password through any form of communication. If someone pretending to be a Facebook employee asks you for it, don't give it out, and report the person immediately.
  • Don't click on links or open attachments in suspicious emails. Fake emails can be very convincing, and hackers can spoof the "From:" address so the email looks like it's from Facebook. If the email looks weird, don't trust it, and delete it from your inbox.

  • Add a security question. If your account ever does get stolen, you might need this to prove your identity to Facebook. If you haven't already done so, you can add a security question from the "Account Settings" page.

Also, if you are interested in avoiding scams during the holiday season here is a helpful site from CNET.  The site can be viewed here.

Tuesday Dec 09, 2008

CyberSecurity Advice for 44th President, Report released today

BusinessWeek published an interesting article on Sunday titled "U.S. Is Losing Global Cyberwar, Commission Says".  If you are interested in Identity Management or IT security this is an important topic.  The plenary session was held this afternoon with press releases flying across the internet.  You can find the MSNBC version here.  BusinessWeek did a nice job of scooping the report and summarizing some of the recommendations which include creating a "CyberSecurity Czar".  I am not sure we need more Czar's but if you are interested in the details of the report please take a look at the full report here.

Tuesday Dec 02, 2008

The Cats at OpenSSO Are Dancing because of the Gartner IAM Magic Quadrant

Now I know that you are already aware that the "Cat's" on the OpenSSO team are very cool.  But did you know that Gartner has given them a positive review in the latest Magic Quadrant of their latest release.  The move up and to the right in the magic quadrant because of the innovative work on the "Fedlet", their interoperability and standards support, as well as their support of web services security via the STS has got them dancing. 

Another couple of Cool Cat's, Nick Crown and Pat Patterson, posted blog entries yesterday also praising the achievement.

Check out the team as they celebrate the latest accolade for their innovative work.  Thanks to the team over at Jib Jab and Office Depot  who helped us record the Cool Cat's as they celebrated at a local club in Santa Clara.  You should go and visit the site and get Elfed.  My three kids lauged for 5 minutes straight last night after creating a video on this site.

Send your own ElfYourself eCards

Wednesday Nov 05, 2008

Identity Heroes at Gartner Identity Access Management Event, Nov. 10-13, Orlando, FL

Gartner Identity and Access Management conference is happening next week, Nov. 10-12 in Orlando, Florida.  This is a great event that brings together analysts, customers and vendors to share knowledge and experience on important topics that shape the Identity and Security industry.  I will be attending with a few of my notable Identity Product Managers at Sun including: Daniel Raskin, OpenSSO; Nick Crown, Identity and Role Manager; Craig MacDonald, Identity Manager; and our fearless leader John Barco.

Come by and spend some time with your favorite Identity team.  On Monday, November 10 we will be watching Monday Night Football and talking identity in the Presidential Suite at the Gaylord Hotel at 9:00pm ET.  There will be great food, drinks and music as well as a few discussions about Identity.  We hope to see you there.

And, we will be having a few games of Identity Hero.  If you want to practice, check it out here.

Tuesday Nov 04, 2008

OpenDS Monthly Call

There are great things happening in the OpenDS project.  Last week the team released a major update to the code.  The release also contained a great new console to manage schema, edit entries, etc.  I will blog more about this later in the week.  

Additionally, Ludo is having his monthly call this morning to go over the new release and discuss some upcoming feature's.  Hopefully, you can join the call.  Here are the details.

Dear OpenDS users and developers,

Please join us on the phone for the next OpenDS monthly public  
meeting, Tuesday November 4th, 2008, 9am PST, 6pm CET, 5pm GMT.

On the agenda for this month meeting, we will review the current  
status of OpenDS 1.1, do an update on the roadmap and will present in  
details the changes that being integrated in OpenDS to be able to  
integrate it as part of OpenSolaris. These changes include SVR4  
packages, additional features with SASL authentication, SMF support,  
separation of binaries and data...

The call in details can be found here.


Wednesday Oct 15, 2008

Identity Management European User Group and Burton Catalyst Europe

I will be attending Burton Catalyst Europe in Prague next week.  This is a great conference brings together a number of thought leaders and practitioners in the Identity, Security SOA and Dyanmic Data Center spaces to talk about real problems.  The event brings a fresh approach to conferences as they minimize vendor presentations.  Yes I am a vendor and I do appreciate this approach.  Because, as a vendor we attend the conference to have real open conversations with customers and analysts about the problems teams are experiencing, and hear about creative solutions that are being employed to solve those problems.  Ultimately, it is about sharing in an open environment about where we all think the identity space is headed.  I look forward to hearing what people are doing with virtual directories.  How LDAP is being used or not used in Web 2.0 architectures?   And, how this "identity bus" that Kim Cameron and Felix from Kuplinger-Cole were talking about here, may involve OpenDS or OpenESB?

Additionally, while we are in Europe, on Tuesday, October 28 we will be attending the Sun Identity User Group in Munich.  This User Group session is open to all Identity Manager, Access Manager, Directory Server Enterprise Edition, and Federation Manager customers.  For anyone new to this User Group, it is a customer driven forum providing a valuable opportunity for customers to exchange practical and technical knowledge and experiences.  Here is information on the time and location:

Sun Identity Management User Group - EMEA 2008
Tuesday, October 28, 2008
9:00 am - 4:30 pm
Registration & Continental Breakfast will begin at 8:30 am
Sun Microsystems GmbH
Sonnenallee 1
85551 Kirchheim-Heimstetten

The agenda of the User Group can be found here.  You can register for the User Group by going here.

Sunday Oct 12, 2008

User Experience Matters--install OpenDS in 5 easy steps

I recently moved over to the Directory Services team to take on the Product Line Management position.  I had a lot of fun working with the OpenSSO team and I am excited about the great things that team has released into the market place.  Another exciting thing about the job change, besides continuing to work with the OpenSSO team as they embed OpenDS as the configuration store in their product, is that I get to work with another team that values the importance of User Experience when building software.  Enterprise software for years has promulgated the myth that all that matters is innovation or features within new releases.  User Experience has always been an after-thought.

OpenDS has worked hard to promulgate a different approach which puts User Experience at the top of the priority list.  You can see this in the installation experience of the software.  MySQL builds software with a design guideline Martin Mickos call the "15 minute rule".  This is the rule that their enterprise version should be downloaded and installed in 15 minutes or less.  OpenDS can beat this by being installed in less than 3 minutes.  This is even true when you are allowing OpenDS to generate 2000 simluated Directory Entries.  Powerful stuff.  Not only do you get a great directory engine up and running quickly but if you are a Developer or QA Engineer you can get going quicker as well.

More to come on the performance data and some of our plans soon.  See for yourself how great the User Experience is for OpenDS in the video below:

Tuesday Sep 16, 2008

Register to see Mr. Winky, The IdentiCat, Introduce OpenSSO Enterprise 8 in SecondLife

I have been reading Daniel Raskin, aka The Smoking Monkey (Ask Mr. Cote why), Pat Patterson and Mr. Dixon's posts recently and I thought that things were getting very interesting in the Identity space at Sun.  The phenomenon of the IdentiCat has caused interesting questions to be raised about the role of identity as related to the Yeti, BigFoot and now the IdentiCat.  I saw this offer to register for a presentation in SecondLife.  I am going to be there to find out what this is all about.

Mr. Winky, The IdentiCat will be giving an overview of OpenSSO Enterprise 8 in SecondLife on September, 30 at 8:00am PST.  You can register the for the presentation here.  

The IdentiCat is rumored to outnumber the Yeti and BigFoot throughout the world.  It is just not as big or is commonly confused with Tigger (Image to the Right provided by Disney) or Tony the Tiger.  As a result there is not as much press that is generated because sightings often result in "back away from the sugar cereal" comments.  It has even resulted in some people wanting to ban or limit the use of sugar cereals by children lest they start to proclaim they had actualy seen an IdentiCat.

The real IdentiCat has come out to set the record straight.  It is refreshing that we are able to get the truth about this confusion and be able to see the true IdentiCat.  At the same time it is fitting to have Mr. Winky explain what great features will be available in the OpenSSO Enterprise 8 release.  The juxtaposition of identity protection and revealing the IdentiCat now that he is ready to reveal himself attests to the security capabilities of OpenSSO Enteprise 8.  I hope to see you all in SecondLife.

Monday Aug 04, 2008

15 Minute Rule and OpenSSO

Marten Mickos talks frequently about a 15 minute rule at MySQL which refers to their rule that customers should be able to download, install and start using within 15 minutes.  This is a model built for developers that live on the web whether at work or in their every day life.    OpenSSO has focused on improving it's user experience and we are excited about a number of the workflows that have been developed that make Federating much easier.  However, I was on a recent call with a very big customer and I was talking about OpenSSO and how to participate in our Early Access program  (I will blog later this week about the EA program but watch this page).  As I was talking, the customer piped in, "I just downloaded and installed while you were talking and will start evaluting the upgrade documentation."  I have blogged in the past that we have tried to make the product easy and effective to install within 15 minutes.  I had some empiracle and positive feedback that I wanted to share.  Download and try installing for yourself and let me know if you can do it in 15 minutes.

Download at here
Installation instructions are here

 Also, Sidharth Mishra, who is a great colleague of mine, has put together a great summary installation guide on Glassfish.  You can read it here.

Friday Aug 01, 2008

Tired Of Managing Agents?

Tired of managing agents in your infrastructure?  OpenSSO provides a great way to reduce the number of agents that you have to manage in your application infrastructure.  Aravindan Ranganathan, a Technical Architect on the Sun team, wrote a great article on how to use the Identity Services that are available in OpenSSO to include security in your applications.  This article focuses on Single-Sign-On and Sign-Out but this the fourth in the series focused on Identity Services.  You can look at the other articles here:

The article goes into great technical depth on how to do the following:

Identity Services are important in a number of ways for customers looking for a Web Access Management solution.  They not only allow you to build security into applications or reduce the number of agents they have to manage.  The identity services also allow customers an architecture for better integration into their application architecture giving them ultimately more choice.  When you create enterprise software you have to design for a number of different environments.  The ability to access these services gives customers the maximum amount of choice and a choice leads to lower costs and higher value.

Lastly, I wanted to thank Marina Sum and her team for these great articles on OpenSSO.  The content and technical detail are valuable to the community.

Tuesday Jul 29, 2008

OpenDS 1.0 Embedded in OpenSSO Express

And the fun continues!  OpenDS announced this week the launch of OpenDS 1.0.  I was speaking with Kevin LeMay who gave me a quick run down on what OpenDS SE 1.0 is.  He said "Sun OpenDS SE 1.0 is a high-performance, highly-extensible, pure Java directory server that delivers a fully compliant LDAPv3 server that passes all of the compliance, interoperability and security tests suites. Furthermore, Sun OpenDS SE 1.0 implements most of the standard and experimental LDAP extensions defined in the IETF as RFCs or Internet-Drafts, ensuring maximum interoperability with LDAP client applications."  You can get more information here on OpenDS SE 1.0

This matters as product teams have struggled with how to embed configuration information or policy stores for products that need to manage identity information.  OpenSSO embed's the community version of OpenDS for exactly this purpose.  Not only is it 100% Java but it is very performant and standards based.  OpenSSO uses OpenDS to manage configuration data under the covers it also allows developers installing for evaluation purposes or to get a quick POC up and running to use it for an identity store (not an architecture we support in production).  However, it gives developers and customer's options which is what Open Source is all about.  

You can get in-depth information about the architecture of OpenSSO here.  In this document, where it refers to the configuration store, we are referring to OpenDS.

Also, as I was researching this piece I found this interesting post at the JBoss Portal Wiki.  It describes the installation and coniguration steps for their portal using OpenDS as the directory and OpenSSO as the Web Access Management solution.  Looks interesting but I have not tried it myself.

Monday Jul 28, 2008

OpenSSO Express from the trenches

OpenSSO Express has had a fun first week.  Sun is announcing that it will now provide comprehensive support and indemnification for OpenSSO.  This will be called OpenSSO Express.  OpenSSO is the worlds largest open source identity project that provides fully featured single sign-on, federation management and web services security capabilities in a single Java distribution. Customers who purchase Access Manager, the current release of Sun's commercial version of OpenSSO, are now entitled to both support and indemnification for OpenSSO through OpenSSO Express.  This move is in response to demand from both Sun Access Manager customers and OpenSSO community members who requested support for OpenSSO rather than waiting for the next commercial product release.

Some of you may have seen my article on SDN where we explained the new model to the developer community.  You can read the entire text here.  I work with Marina Sum who is a great writer but more importantly a valued manager who kept an eye on the detail of the article.  She is a great asset to Sun and you can read the text here.

Also, if you haven't seen Daniel's blog lately you should see his new moniker (The Smoking Monkey).  This was derived from the work that was done on the teaser campaign for the Fedlet.  However, it was Cote who gave him the name.  YOu should read his blog regularly because not only does he cover the identity space but he also has a deep background in System Management and you can see from his blog title he has his priorities in order.   If you ever get a chance ask him about whether he has ever seen a man walking a cat on a leash?

This is how Sun defines the different releases in the OpenSSO Community.

 Release  Name  Definition
OpenSSO Periodic or Nightly Build
Nightly builds of OpenSSO that customers can download but can only get support from the community via IRC, email or documentation.
 Open Source Supported
Sun OpenSSO Express build
Periodic builds (e.g. released every one to two months) that Sun will provide support to customers that have purchased a license and a valid support contract

Sun Java System Access Manager

Sun Java System Federation Manager

Commercially supported release of OpenSSO.  Sun continues to support backwards compatibility and current release plus the previous two versions for customers.  Customer's can get long term support for their production deployments from Sun.

Here is a picture which describes the new release model.  Sun will provide support for the latest OpenSSO Express build and the previous build (e.g. latest minus one).

This is another move by Sun to align naming and policy across it's OSS projects.  It is important because it give's customer choice.  Customer's can choose to start projects earlier without having to ask their sales guy for an "early access" version of the software that may or may not be tested by a proprietary software vendor.  OpenSSO has 80% of its' code covered by automated test cases.  Additionally, customer's that are ready to go to production today can monetize those projects within their business models.  This means they can make money today with the knowledge that Sun is there to support their business.  This gives customer's choice and opportunity which they did not have last week. 

 We are excited about what this does for our customers.

Friday Jul 25, 2008

Single Sign-On Summit: First Day Recap

The OpenSSO team are in Keystone, CO this week for the first annual SingleSign-On Summit.  The event is very focused on the issues of Single-Sign-On and Federation.  There are approximately 110 attendees so very intimate which has resulted in a number of very good conversations.  The agenda was very well organized and started with a historical overview of the last 20  years in the industry issues associated with Single-Sign-On.  Andrew Cameron, gave a rivetting overview of the keys to getting executive buy-in during SSO and Federation project.  The day ended with small group sessions with some lively convesations about what is going on in Europe with identity cards and how government portals are using that to provide Single-Sign-On accross a number of government entities.  A good example of this is the work that Sun did with  A case study on this can be found here

The day ended with a tremendous dinner at the Ranch where we were able to continue some of the great conversations about the challenges and success characteristics of federation and SSO implementations.  One, customer that was at the event shared the challenges they had in integrating a number of service providers globally with very diverse IT capabilities.  The Fedlet was a great piece of technology that could have helped.  Additionally, a discussing insued between this customer and Covisint whose identity services provides small service providers a platform to connect to as an intermidiary to the big enterprise. 

Pictures to come.

Wednesday Jul 23, 2008

OpenSSO Express: Start your Federation project today with support from Sun

Today Sun announced the availability of OpenSSO Express.  OpenSSO Express allows any customer with an existing license and support contract to Java ES, Identity Management Suite, Access Manager or Federation Manager to get also get support from Sun for OpenSSO Express.  This is game changing as it allows customer's to use the latest innovations from the OpenSSO community while knowing that they have a company with the global reach and support from Sun behind their efforts.  I will borrow a line from Jonathon Schwartz and Rich Green in an article in eweek earlier this year.  Companies that have more time than money can still get OpenSSO for free and use it with support from the community.  However, companies that have more money than time can look to Sun to provide support and allow them to focus on the innovations that differentiate their products or business in the market.  

You can read more about the announcement here.

You can download the software here.


Sharing 12 years of technology experience as developer, product and program manager, and marketing director. Identity Management, Security, and Product Management issues occupy my mind during the working day. Water Polo keeps me healthy.


« July 2016