Tuesday Dec 08, 2009

OpenSSO & Layer 7: End-to-End Web Services Security

Last week I recorded a new Identity Buzz Podcast with K. Scott Morrison, Layer 7 CTO & Chief Architect. We discussed the Sun OpenSSO Enterprise / Layer 7 SecureSpan Gateway integration. The combined Sun / Layer 7 solution offers a powerful one-two punch when trying to conquer web services security.

Essentially, the solution allows you to deploy SecureSpan as a policy enforcement point and OpenSSO as a Policy Decision Point when abstracting and centralizing authentication and authorization for your company's web services. The SecureSpan Gateway is a nice complement to OpenSSO because it inserts an abstraction layer between the web service requesters and web service endpoints in order to govern and secure their transactions. Rather than having to deploy a local agent to protect every web service you can implement a gateway that acts as a broker to all your services.

To learn more about this integration listen to our latest Identity Buzz Podcast on the topic.

You can also subscribe to the feed and get episodes automatically. Here’s the iTunes friendly link and the Feedburner feed. There is also a nice article describing the integration on the Sun Developer Network titled "Delegating XML Gateway Runtime Authorization to OpenSSO." Enjoy!

Tuesday Sep 22, 2009

Announcing New OpenSSO Community Lead -- Hubert Le Van Gong

I wanted to update you on the news last week about Pat Patterson (aka SuperPat) moving on from Sun and our search for a new community lead.

As you all now know, Pat has moved on from Sun and thus has stepped down as the OpenSSO community lead. I want to wish Pat the best of luck in his future endeavors. He is not only an icon among the OpenSSO world, but he is also a great friend. I jokingly told Pat on his last day that he is "now dead to me," but the truth is I will miss him dearly and look forward to pestering him lots in the future.

That said, I am very happy to announce that our new OpenSSO community lead is Hubert Le Van Gong. Hubert has a long history with OpenSSO. He is an identity architect at Sun with strong expertise in IdM protocols as well as RESTful web services. He started working with OpenSSO in the context of interoperability with the Microsoft-backed web services stack. True to Sun's tradition of eating its own dog food, he then helped deploy OpenSSO and its OpenID extension as an Identity Provider for Sun employees. More recently Hubert has been working on new OpenSSO extensions like OAuth and OpenID 2.0. Check out Hubert's blog to read about OpenSSO community activity and feel free to ping him via IRC. His IRC handle is hubertlvg.

In addition to Hubert, you can always contact me directly at daniel.raskin@sun.com or Jamie Nelson, the Director of OpenSSO Engineering, at jamie.nelson@sun.com. We are also on IRC and our handles are draskin and jamiefnelson, respectively.

Please join me in welcoming Hubert to his new role and start pinging away with questions!

Saturday Nov 10, 2007

AAAA Identity Services in OpenSSO

There have been great strides in the OpenSSO community and one of the areas I am particularly proud of is the addition of identity services. Applications that authenticate end users using identity services can securely pass their attributes to OpenSSO without the need of an agent or labor-intensive kit. Identity Services can be invoked using REST or WSDL interfaces in the IDE of your choice. This means no agent is required to protect a resource. The identity services in OpenSSO (and available in our Spring release of Federated Access Manager 8.0) include:

* Authentication — Verification of user credentials
* Authorization — Permission for authenticated users to access secured resources
* Attributes — Collection of the profiles of authenticated users
* Audit Log — Ability to audit and record operations

Below is an example of the authentication identity service being invoked using Netbeans. This service is IDE agnostic and can also be used in Eclipse and Visual Studio.

If you're interested in exploring this functionality download OpenSSO and begin playing today. Also, Aravindan Ranganathan, one of our talented software architects at Sun, wrote a nice technical article titled Securing Applications With Identity Services, Part 1: Authentication. He will be publishing three more technical articles on the remaining services shortly - Authorization, Attributes, and Audit Log.
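To make the agentless flow concrete, here is an added sketch (not code from OpenSSO, Layer 7, or the articles mentioned above) of a gateway-style enforcement point that authenticates a caller, asks a decision point to authorize each request, records the decision, and denies on any error. The endpoint paths, the `key=value` response bodies, the `Gateway` and `stub_pdp` names, and all sample values are assumptions constructed for illustration; the decision point is an in-memory stub so the example runs offline.

```python
# Added example. Paths and "key=value" bodies are assumed shapes, stubbed offline.

def parse_identity_response(body):
    """Parse line-oriented key=value text; split on the first '=' only."""
    fields = {}
    for line in body.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip():
            fields.setdefault(key.strip(), value.strip())  # first value wins
    return fields

class Gateway:
    """Policy enforcement point: asks the decision point, never decides itself."""
    def __init__(self, pdp_call):
        self.pdp_call = pdp_call      # callable(path, params) -> response text
        self.audit = []               # (uri, action, allowed) per decision

    def _ask(self, path, params):
        try:
            return parse_identity_response(self.pdp_call(path, params))
        except Exception:
            return {}                 # decision point error or outage: fail closed

    def authenticate(self, username, password):
        reply = self._ask("/identity/authenticate",
                          {"username": username, "password": password})
        return reply.get("token.id") or None

    def authorize(self, token, uri, action):
        reply = self._ask("/identity/authorize",
                          {"subjectid": token, "uri": uri, "action": action})
        allowed = bool(token) and reply.get("boolean") == "true"
        self.audit.append((uri, action, allowed))
        return allowed

def stub_pdp(path, params):
    """Constructed in-memory decision point standing in for the real server."""
    users = {"alice": "s3cret"}
    sessions = {"CONSTRUCTED-TOKEN-1==": "alice"}
    policy = {("alice", "https://svc.example/orders", "POST")}
    if path == "/identity/authenticate":
        if users.get(params["username"]) != params["password"]:
            raise PermissionError("bad credentials")
        return "token.id=CONSTRUCTED-TOKEN-1==\n"
    if path == "/identity/authorize":
        user = sessions.get(params["subjectid"])
        allowed = (user, params["uri"], params["action"]) in policy
        return "boolean=" + str(allowed).lower() + "\n"
    return "<html>unexpected</html>"

gateway = Gateway(stub_pdp)
```

Against a real deployment, `pdp_call` would send credentials in a POST body over TLS rather than in a query string, so they stay out of access logs.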

