Wednesday Feb 18, 2009

Verizon Wireless on Improving Security and User Experience with Sun Access Manager

Last November, at the Gartner Identity and Access Management Summit 2008 in Orlando, FL, Damo Bashyam of Verizon Wireless (VZW) gave a presentation titled 'Simplify Identity Management to Improve Security and Online Customer Experience'; Daniel just pinged me to say that this presentation is now online, along with the associated slides, and what a presentation it is!

If you're looking for marketecture, then move on; if you want to know how the largest wireless telecommunications network in the United States is using Access Manager (the old name for OpenSSO Enterprise) in a high-scale, high-availability deployment, then it's all here, in just 23 minutes. Some of the numbers are staggering: over 40,000,000 users, 1,000,000 logins per day, peaking at 4,000 logins per minute. VZW deployed Access Manager into two data centers, with session failover within each data center and multi-master replication between six Sun Directory Server instances.

The preso and slides detail all this and the business benefits to VZW - for me, given my focus on federation, one highlight was the fact that they have extended single sign-on to 25 third-party application service providers (ASPs), 12 of them in a single night with just 4 hours (planned) downtime for the cutover. Another interesting aspect is that this is a Sun stack, top-to-bottom, so VZW have just one throat to choke in the event of an issue, with no inter-vendor finger pointing. Damo describes it as a partnership - one that has brought real and lasting benefits for both partners.

So... go download the slides, make yourself a nice cup of tea, and spend a few minutes watching the preso:

Friday Oct 24, 2008

OpenSSO Tab Sweep - Oct 24 2008

Wow! OpenSSO is HOT right now...

Finally, OpenSSO is coming to the Stories blog - our first OpenSSO adoption story will run on Monday and will feature... well, you'll have to go look on Monday, or subscribe to Stories.

Tuesday Sep 30, 2008

links for 2008-09-30

Thursday Sep 11, 2008

OpenSSO Integration with CAS

Hot on the heels of last week's Jira plugin, Qingfeng Zhang (all I have is the name) has posted an entry to the JA-SIG CAS wiki explaining how to integrate Sun Access Manager (aka OpenSSO) with JA-SIG CAS via an OpenSSO authentication module. This integration lets users log in to CAS and access resources protected by OpenSSO. Nice work!

Again, I haven't tried this out yet, but, if you have, let me know in the comments how you got on...

Friday May 23, 2008

Definitely the Best Version of AM Ever!!!

The title of this blog entry is a direct quote from an email we received from a very happy Sun SE today. He's kindly given me permission to share it. I added the links for convenience.

Date: May 23, 2008 7:04:20 AM PDT
Subject: Federation POC Success
Wanted to let you know I just had worked on a POC for a long term oppty for some common activities going on at several government operations.
I used build 4 of OpenSSO and the most exciting part for me and please share with the team was:
1) How nice the install experience was
2) The Federation Wizards are awesome (only suggestion is to allow user to name the MetaAlias; I don't think you can add more than two entities using the wizard)
3) Integration with third party (HP Select Federate) was a dream!!!

1) Install AM
2) Run Local IDP Wizard
3) Run Remote SP Wizard to point to HP Data URL
4) HP Points to my URL for Meta Data
5) Test and WORKED FIRST TIME!!!

No kidding!! I have no idea of effort for the HP install, but with that in place, my entire time spent before I was exchanging SAML assertions with HP was about an hour (had I known I would be breaking personal records here, I think I could have sped that up)
Best news is a partner who recommends Sun witnessed that (jaws dropped).
Thanks to you and your team for what is definitely the best version of AM ever!!!

Says it all, really. Kudos to the entire AM engineering team, and, indeed, the wider OpenSSO community for what is turning into something very very special.

Monday Apr 14, 2008

From the Trenches - Daniel Raskin on Simplifying Federated Access Management

Tech author Marina Sum over at Sun Developer Network continues her series of interviews; this time in the hot seat is Daniel Raskin, senior product line manager for access and federation management at Sun.

In the interview, Daniel lifts the lid on some of the cool new features coming up in Sun Federated Access Manager 8.0 (and, of course, available NOW in OpenSSO), including Fedlets, Virtual Federation, the Federation Validator and more. Exciting stuff!

Monday Mar 24, 2008

Fame! Well, an interview at Sun Developer Network...

From the shameless self-promotion dept...

Hot on the heels of her interview with Jamie last week, Marina's latest subject is... me!

Sadly, my suggested title of "Sun's Rising Identity Superstar" was rejected in favor of the far less exciting "OpenSSO, a Thriving Community". Oh well...

Tuesday Mar 18, 2008

From the Trenches - Jamie Nelson on Web Access Management

Sun Developer Network tech author Marina Sum starts a new series of interviews this week with OpenSSO's benevolent dictator and Sun's director of engineering for access and federation management, Jamie Nelson (my boss, so I'd better be careful here!).

In the interview, Jamie explains how web developers need to consider security, but, at the same time, avoid hard-coding it into their apps. Some great tips and useful links for any web developer - read the article here!

Thursday Feb 07, 2008

FAMTalk 02: Federation

I just uploaded the second FAMTalk podcast - this time, I have the host's seat, presenting 'Federation', with a particular focus on SAML 2.0. You can download a PDF plus MP3 or AAC files from, or simply subscribe to FAMTalk via iTunes or RSS.

We had some frustrating technical problems recording this episode - the Sony USB headset (UAB-260) I was using developed an annoying crackle about halfway through the program. Unplugging, replugging, rebooting - nothing made it work for more than a few minutes at a time. After wrestling with it for an hour, we decided to just record the outro segment together and I ordered a Griffin iMic to replace the Sony USB Audio box (the headset itself seemed ok) to fill in the gap on my own.

The funny thing was, I got a bit of a cold between the first recording and the second, so the transitions between the different segments are quite obvious - you can hear me get sick and recover, all within an hour.

Wednesday Jan 23, 2008

Holed up in Vegas at FAMFest

At the Tropicana in Las Vegas, hard at work on a new generation of product demos for Federated Access Manager 8.0. Lots of folks here from Sun's SE community and the product group. Lots of bloggers, too - looking around the room I can see Terry, Rajeev, Derrick, Daniel, Sidharth, Wajih, Mark, Scott, Nick and Jeff - nearly half the attendees, in fact.

Friday Jan 18, 2008

Fine-Grained Authorization with Sun Java System Access Manager

Following on from last June's Sun Developer Network article on Basic Authorization with Sun Java System Access Manager, Robert Skoczylas of Indigo Consulting and Sun tech author Marina Sum recently published a second article, Developing Secure Applications with Sun Java System Access Manager, Part 2: Advanced Authorization.

This time, Robert and Marina look at how Sun Java System Access Manager can be used as a general purpose policy store, and, with some customization, can provide fine-grained authorization for UI elements rendered by both Java and .NET web applications. This is a great article to read if you've wondered how Access Manager can be used to authorize access to resources other than the usual web page URLs.

Tuesday Dec 18, 2007

Introducing FAMTalk

As Terry Sigle blogs today, FAMTalk (feed) went live this week. FAMTalk is a monthly podcast focusing on federation and access management (the FAM of the title) and their implementation in Sun Java System Federated Access Manager (the forthcoming next version of Access Manager) and OpenSSO. Your regular hosts will be Tim Campbell (Sun Partner Enablement), Steven Jarosz (Sun Americas Software SE - Federal), Terry (Sun Americas Software SE - Telco) and me (OpenSSO 'community guy').

In episodes 1a and 1b (we split the original 1hr 40mins or so in two), Tim presents Access Manager 101. You can download a PDF plus MP3 or AAC files from, or simply subscribe to FAMTalk via iTunes or RSS. Apparently the AAC files include the slides, which should play in sync with the audio on many iPods. I need to go check it out on my iPhone and see how it looks...

FAM 8.0 Puts the 'Full' in 'Full-Matrix SAML 2.0 Interoperability Testing'

As you might have just read, Liberty Alliance recently completed its first 'full matrix' SAML 2.0 interoperability test. Not only was Sun amongst the successful participants with its upcoming Federated Access Manager 8.0 product, we were the only participant to successfully test every conformance mode. Daniel, of course, beat me to the punch on this one, though I like to think my entry is laid out a little more neatly.

I'll also take this opportunity to point out that, although Federated Access Manager 8.0 is scheduled for release next year, you can get the code and binaries right now via the OpenSSO project - in fact, we just released 'build 2' of OpenSSO v1, which includes the tested code.

Wednesday Nov 28, 2007

Authorization with OpenSSO's Identity Services

One new area of work in OpenSSO is Identity Services, allowing a developer to easily write code to authenticate users, check if those users are authorized to access resources, retrieve those users' attributes etc. While all of this functionality has long been available in different forms, the new Identity Services work collects common identity tasks into an easy-to-use set of web services accessible via SOAP and REST. Now developers working in just about any language can join the identity party.

Last month, Aravindan and Marina published a Sun Developer Network article showing how to use OpenSSO's identity services for authentication. This month, Lakshman Abburi joins them to cover authorization with identity services. The identity services client from part 1 is extended to check whether the authenticated user should be allowed access to a given resource, in this example, a URL. Although the article focuses on Java and NetBeans, as I mention above, you can invoke identity services from just about anywhere. Go read the articles, have a play, and leave a comment here or there if you do something really cool.

Monday Nov 12, 2007

I'm the Leader, I'm the Leader...

...I'm the Leader of the Gang (I Am)!!! I know - Gary Glitter has fallen long and hard, but it's still a great song and appropriate for today - Gartner has placed Sun Java System Access Manager in the leader quadrant of their Magic Quadrant for Web Access Management, 2H07 [PDF]. I happen to think that they have under-rated us somewhat on our completeness of vision, but I can't argue with the rating on ability to execute.

One thing worth mentioning is that one of the 'cons' listed for Sun - "Sun does not support ADFS/WS-Federation in its federation tools" - will be addressed in the next release - Federated Access Manager 8.0 - and is already in OpenSSO. So, if your existing infrastructure leans to the MS side, but you need world-class web access management, federation, identity web services and more, scoot on over to OpenSSO and take a look.



