Thursday Jan 28, 2010

So Long, Farewell, Auf Wiedersehen, Good Night


Well, my friends, it is time for me to say goodbye. It's been a wonderful 5 years at Sun. As many probably suspected, I will not be joining the Oracle Identity team.

These past five years have been the best professional experiences in my life. I had a blast working with the Java Enterprise System team and Sun's systems management team, but nothing beats my experience working with the most talented Identity Management team in the world. Oracle is inheriting THE BEST Identity products available and I wish them luck on their strategy and direction.

Although I'm very happy that this process has finally come to a close, I am sad to see Sun fading away. I believe the environment that Sun fostered was a once in a lifetime opportunity and I appreciate the experience and have tremendous gratitude for all that it offered me.

If you want to continue following my blog, I plan to continue to write on identity at www.smokingmonkey.org. Also, feel free to connect with me on LinkedIn.

Thursday Jan 21, 2010

EU Clears Oracle-Sun Deal


Wow. It's finally here. I know it's a good thing that this is closing, but can't help but feel sad. Despite all of its problems, I don't think we will ever see an amazing company like Sun again. A few more days to "assimilation."

The European Commission has approved under the EU Merger Regulation the proposed acquisition of US hardware and software vendor Sun Microsystems Inc. by Oracle Corporation, a US enterprise software company. After an in-depth examination, launched in September 2009 (see IP/09/1271 ), the Commission concluded that the transaction would not significantly impede effective competition in the European Economic Area (EEA) or any substantial part of it.

Read Press Release

Also, remember to check out my new blog at smokingmonkey.org.

Thursday Jan 14, 2010

New Blog at SmokingMonkey.org


Today, I imported all entries from this blog into my new WordPress blog at smokingmonkey.org. I'm using GoDaddy to host and installed my own instance of Wordpress. I plan to double-post content to both sites for the forseeable future. Figured it was time to have my own space to blog so I could be more irreverent then ever!

Visit SmokingMonkey.org!

Sun Webcast Series - Identity Manager and Role Manager Product Update


Register for this free Webinar to learn more about the latest identity administration advancements for Identity Manager and Role Manager, including:

\* One-click enablement of compliant provisioning
\* Integrated role assignment
\* Preventative, real-time segregation of duties (SoD) policy enforcement

Topic: Sun Webcast Series - Identity Manager and Role Manager Product Update
Date: Wednesday, January 20, 2010
Time: 10:00 am PT / 1:00 pm ET / 19.00 CET (check my timezone)
Duration: 1 hour
Speaker: Sun Product Manager Mat Hamlin

Friday Jan 08, 2010

Express Scripts Accelerates Provisioning by up to 64% with Sun Identity Management


On the customer front -- Express Scripts has deployed Sun's Identity Management Portfolio to implement a centralized identity management solution that automates provisioning for more than 100 systems based on an employee’s job function or operational role. The solution has created a centralized identity directory that maps multiple corporate identities on disparate systems that are each associated with a single employee.

Here's a link to the customer success story

You can also read more identity customer success stories here.

Tuesday Nov 24, 2009

Sun Directory Server Enterprise Edition 7 and Role Manager 5 Now Shipping!

I'm happy to announce that Sun Role Manager 5 and Sun Directory Server Enterprise Edition 7 are now shipping!

Sun Role Manager 5.0 is the latest release of Sun's Enterprise Role Management and Access Governance solution. In this release, Sun is extending it's leadership in the market by driving innovation that will allow companies to move beyond answering the simple question of “who has access to what?,” and make available the information necessary to intelligently govern the definition, assignment, and enforcement of access within an organization.

Sun Directory Server Enterprise Edition 7.0 allows companies to grow faster and easier. The new release focuses on two key areas – improving performance and lowering total cost of ownership. This release boasts a 3x performance improvement over the previous version of the product. In addition, this release provides hardware optimization with up to 60% improvement in authentications and modifications. This allows customers to accelerate their applications without changing a line of code.

If you would like a recap of what's new, check out our press release and updated Role Manager and Directory Server EE product pages below.

1) Read Sun Role Manager 5 / Directory Server 7 Press Release
2) Visit the Sun Role Manager Product Page
3) Visit the Sun Directory Server Enterprise Edition Product Page

Also, you can watch a recap of our launch webinar by just clicking on the video below.

Wednesday Oct 28, 2009

ABAC + RBAC = ARRRRR-BAC

Arrrr, me mateys!

I'm going to stand on my soap box for a few minutes to share my take on the ongoing dialogue around RBAC versus ABAC. The debate over which one is better seems to be as heated as the debate over which side of a black and white cookie tastes better (Seinfeld - Black & White Cookie Episode).

I'm constantly asked by customers about which approach I prefer. Analysts seem to enjoy this conversation as well. In fact, Kuppinger-Cole did a nice Q&A on the debate earlier this week and does a great job outlining the issues.

Critics of the RBAC model argue that RBAC is static and believe that taking an RBAC-only approach will lead to an excessive number of roles. They argue that policy decisions will need to leverage Roles plus attributes embedded within your application infrastructure.

Honestly, I think the debate here is somewhat self-created by framing it in terms of RBAC versus ABAC rather than simply acknowledging that a good policy engine needs to support both roles and dynamic attributes. It is very rare to come across customers that are able to contain all attributes within a role. I have yet to see a real-world organization with a clean RBAC implementation. Arguing for purely RBAC is a nirvana that casts a blind eye to the grey areas of the application infrastructure world.

The issue of RBAC v. ABAC is less a decision about choosing one over the other and more a decision around where one draws the line when defining roles. Todays organizations need to define a clear line between what attributes should be part of a role and what should remain application specific. The balance between how you define roles versus attributes is very use case driven and contextual to each customers environment. This boundry is often based more on business context, IT budget, perceived value of abstracting identity from apps, and a gazillion other factors that could influence what you should do.

From the perspective of entitlement enforcement, the basic jist is that any system that is going to work for a customer needs to support both ABAC and RBAC. Policy enforcement decisions need to take in to consideration role definitions and sometimes they also need to incorporate dynamic attributes from applications.

As we refine entitlement enforcement in OpenSSO (our Beta was made available in September 2009) we are looking at this from both perspectives and expecting real implementations to require a hybrid solution that is dynamic and can take in to consideration both roles and attributes. Our solution consumes roles, allows applications to push attributes to OpenSSO for policy evaluation, and allows OpenSSO to pull attributes for policy evaluation. In fact, OpenSSO also supports policy referrals or partial policy referrals to help make an "accept" or "deny" decision.

Thus, my solution is to stop arguing about RBAC versus ABAC and change the name to ARRRRRRRRR-BAC (use the best pirate voice you can muster). Thus, like the black and white cookie, we can all live together again in harmony.

Tuesday Oct 27, 2009

Sun @ Internet Identity Workshop Next Week


The Sun Identity team will be actively participating in the Internet Identity WorkShop next week in Palo Alto. We're looking forward to talking about hot new technologies such as OAUTH and Vendor Relationship Management and hope to actively share our ideas around innovation in the identity and access management space. We just signed up as a sponsor (better late than never) and will be providing lunch on one of the days. Hope to see you there!

Thursday Oct 22, 2009

Sun Webcast - Improve Compliance, Access Controls, and Performance

Below is a great webcast put on by Nick Wooler and Neil Gandhi from the Sun Identity team. They discuss all the great new things in Role Manager 5 and Directory Server Enterprise Edition 7. I'm always struck by the hypnotic power of Wooler's voice. I'm convinced he has a bright future in Books-on-Tape. Check it out!

Friday Oct 09, 2009

Bookmarks for October 9th 2009

Links for the day . . .

  • Sun Microsystems Releases New Versions of Role Manager and Directory Server Enterprise Edition -- Sun Microsystems, Inc. (NASDAQ: JAVA) today announced new versions of Sun™ Role Manager software and Sun™ Directory Server Enterprise Edition, offering organizations updated tools to intelligently manage their identity portfolio. Customers will benefit from increased business transparency and compliance, simplified access controls, as well as better performance and scalability.

  • The OpenSSO REST Interfaces in Black / White – DocTeger gives a comprehensive explanation of OpenSSO's REST-like identity services, with the usual cool music video at the end.
  • Thursday Jul 16, 2009

    Technology Preview: OpenSSO OAuth Token Service

    Check out the preview of our new OAuth Token Service. You can now use REST and the OAuth Token Service for securing your apps. It's a nice, light-weight alternative to WS\*.

    Wednesday Jul 15, 2009

    OpenSSO Enterprise: Fedlet for .NET in Action

    Building on the now classic "Fedlet for Java / Guns N' Roses Video," we now have a video for the newly released Fedlet for .NET. BTW, thanks to Giuseppe Gennaro, engineering rock star extraordinaire, for helping to pull this together. Also, to experience the Fedlet download OpenSSO Enterprise Update 1. Enjoy!

    Join Sun at Burton Catalyst -- Insane in the Membrane!

    Join the Sun Identity Management team at the Burton Catalyst conference in San Diego, California on Wednesday, July 29th, 2009. Stop by our Hospitality Suite and learn how you can simplify security and compliance for your business while you enjoy some 80s style fun!

    This is your VIP pass to our "Identity Underground" Hospitality Suite featuring:

    \* Break dancing by the OuterCircle Crew
    \* Signature East coast and West coast munchies
    \* On demand demos of Sun's industry leading identity management solutions
    \* One to one chat with Sun's identity domain experts
    \* A raffle with great prizes - and the more you participate, the more chances you have to win!

    About

    Read my extraordinary thoughts about the world of identity and access management. As an identity child prodigy, I have much to say about these subjects.

    Search

    Categories
    Archives
    « April 2014
    SunMonTueWedThuFriSat
      
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
       
           
    Today