Sunday Jul 19, 2009

Shhhh - get into the Sun Hospitality Suite at Burton Catalyst 2009 FREE

I blogged last week about Sun's hospitality suite at the Burton Catalyst conference in San Diego later this month (July 29th to be exact). I included a priority code in that post that would get you a discount off Catalyst conference registration; well, with a bit of digging I've unearthed the code that will get you a pass to get into the hospitality suites (NOT the sessions, mind) absolutely free (and, as we all know, there's nothing better than free, right?). Just register at the Burton site with super-duper secret priority code sun1du0w - and, shhhhh - don't tell them you got it here

Tuesday Jul 14, 2009

Coming Up - Burton Catalyst Conference 2009 - and Don Bowen - in San Diego!

There's DIDW, IIW and even the SSO Summit, but, for me, the premier identity conference of the year is still Burton Catalyst. I've been going since (if I remember correctly) Burton Catalyst Europe, 2002, in Munich, and it's always a great industry gathering, with thought provoking sessions and fun hospitality suites (so much better than an expo floor!).

This year, from July 27th-31st, Catalyst returns to San Diego, at the Hilton San Diego Bayfront Hotel, and Sun's identity team, as usual, is hosting it's very own hospitality suite, on the evening of Wednesday July 29th. The theme for 2009 is Hip Hop - East Coast vs West Coast.

We'll have a break-dancing crew, 'signature East Coast/West Coast munchies', a whole bunch of demos, one-to-ones with Sun's identity domain experts (and me), and much, much more. It promises to be a VERY fun night. If you haven't yet registered for Catalyst, here's some good news, Burton are offering discounts on registration for 'Sun friends' - register at the Burton site with super-secret priority code sunFriend and we'll see you on the night!

Switching gears slightly, it was at my very first Catalyst, at Munich, back in 2002, that I first met Don Bowen, then (again, if my memory serves me) technical product manager for Sun Directory Server. We worked together in product management for a couple of years, and remained very close friends when I returned to engineering in early 2005.

If you know Don at all, you'll be aware that he's been fighting brain cancer since late 2007. In characteristic Don style, he's not taking it lying down, but battling away in great spirit, documenting the journey in regular blog entries. It's inspiring stuff, and puts most people's day to day travails into pretty sharp perspective. Anyway, the good news... make that GREAT news, is that Don will be at Catalyst this year, and a few of us have organized a post-hospitality suite get together to share a few beers and (if past experience is anything to go by) a lot of laughs with Don. It's on Wednesday July 29th, the same night as the Sun hospitality suite, at Henry's Pub, 614 5th Ave (between G St and Market St), about 15 minutes walk north of the Hilton. Full details are at the Meetup page we created for the event. Please RSVP if you're planning on joining us!

UPDATE Eve also covers the Project Concordia workshop being held on the Monday: Use Cases Driving Identity in Enterprise 2.0: The Consumerization of IT and the Cloud SSO Interop Demo, in which Sun is participating with OpenSSO. Two more reasons to be in San Diego the last week of July!

UPDATE 2 Get into the Sun hospitality suite FREE!

Tuesday Jun 26, 2007

Concordia Workshop June 26 2007

Well, I was going to type up my notes from the Project Concordia workshop yesterday, but it looks like the two Marks (Dixon and Wahl) comprehensively beat me to the punch. Much good stuff, particularly the GSA eAuthentication presentation, which detailed the issues involved in rolling out federation across the Federal Government. It was also refreshing to see folks from Microsoft and the OpenID and Liberty Alliance communities engaging most constructively. Seems like Concordia was appropriately named.

Sunday Jun 24, 2007

It's only a flesh wound!

The Burton Group's Catalyst conference is always great value - insightful analysis from the Burton crew, customer case studies and last, but certainly not least, vendor hospitality suites. Our superstar marketeer Bianca Botello always does a fantastic job on Sun's suite - last year's theme was a superhero-filled Identity City; 2005 saw an Identity Mission into space. This year it's 'Monty Python and the Holy Grail' - complete with our CEO, president and star blogger 'King' Jonathan Schwartz. Come and quaff ale at Sun's hospitality suite in the Hilton San Francisco's California Room on Thursday, June 28 from 6 to 9:30pm.

Sign up for a hospitality suite badge with promo code: hsgsun.

While we're on the Holy Grail theme... It's a little known fact that my older brother, George Patterson, was an extra in Monty Python and the Holy Grail. A couple of years ago I bought the DVD and captured the relevant screens. Here's George dancing in the wedding scene (he's the tall guy with red hair), about to be slaughtered by John Cleese:

And a very cool close-up, post-slaughter:

A more recent pic:

As far as I know, George has had zero presence on the web. Until today

Wednesday Jun 21, 2006

A Catalyst with a difference this year...

If you haven't been to Burton Catalyst before, this is the setup: during the day, you have the conference sessions, but no vendor expo. In the evenings, the various vendors lay on food, drink and demos in a variety of themed suites at the conference hotel. Sun's theme this year was 'Identity City', complete with superheroes and a game than involved donning velcro boots and racing an opponent on a velcro floor. (Great work, as always, Bianca!) You get to wander round, sampling the victuals, watching vendor demonstrations and chatting with other attendees.

This year, unfortunately, I didn't manage to get a full conference pass for Catalyst (there are some trade-offs inherent in the move from marketing to engineering). I did, however, get a free pass for the evening hospitality suites. These passes are pretty easy to come by - basically, just talk nicely to anyone involved in Catalyst, a hospitality suite vendor whatever. In fact, I'm guessing that, if you just showed up at the registration desk and asked nicely for a hospitality suite pass, they'd give you one.

Anyway - the upside is that I got to meet a bunch of 'old friends' (well, 'old' in Internet time) and some new folks too. I was photographed by my colleague Mark Dixon, videoed by Kaliya 'Identity Woman' Hamlin and, after the suites closed down, hit the town with a whole bunch of current and ex-Sun people.

The moral of the story? Even if you can't manage to be there for the whole conference, the hospitality suites are free and great fun. Here's looking forward to '07!

Tuesday Apr 18, 2006

Multi-protocol Identity Implementations

Interesting to see the discussion over the past few days between Phil Windley and Johannes Ernst on multi-protocol identity implementation. I've been through a couple of iterations of this myself, with last year's Microsoft/Sun Web SSO specifications and the Burton Catalyst multi-protocol federation demo.

There is a complex dynamic between identity providers supporting many protocols to service a wide range of relying parties and the converse, relying parties supporting many protocols to allow users to authenticate at any one of a range of identity providers. In the B2C world, it seems likely that the role of identity provider will naturally gravitate towards the big guys - maintaining a secure identity infrastructure is expensive - scale provides natural economies. This would seem to indicate that identity providers will be able to dictate terms - "My way or the highway", but we haven't seen much evidence of that. On the contrary, identity providers seem to be the ones interested in multi-protocol support at their end - the multi-protocol identity provider hub model that we demonstrated with Access Manager at Catalyst.

The logic is that, once you have an infrastructure for storing identities and authenticating users, supporting 2, 3 or 4 protocols isn't much more difficult than supporting 1. The relying party is in a different position - their core business is the service they are providing - horoscopes, online gaming, a blogging platform, whatever. The relying party wants to pick a protocol, implement it with identity provider #1 and add identity providers over time without a bunch of extra expense and complexity.

On the other hand, in the B2B arena, the dynamics may turn out to be the reverse, as relying parties (service providers) such as 401(k) providers, health benefits providers and even political action committees implement federated SSO to allow company employees to leverage their enterprise login to access external resources. Here, the relying party may take the driving seat, implementing a range of protocols as they implement federation with a range of their customers. Enterprises are deploying federation internally first, hooking up divisions, so when a service provider offers federated SSO the identity provider is likely to have already selected a technology.

Caveat - this is a rapidly evolving market (who would have foretold the explosion in user-centric identity?) and the above is based on the observations of one guy talking to a random bunch of enterprises and organizations. I'm perfectly prepared for a bunch of incoming links over the next few weeks/months/years explaining just how wrong I was

Friday Jul 15, 2005

That Was The Catalyst That Was

Well, I'm sitting here in the Application Security track on the final day of Catalyst. Other bloggers (Kaliya, Phil, Mark) have covered the sessions in some detail; here are my highlights:
  • Wednesday
    • Mike Neuenschwander trashing a cell phone on stage, making a point about deprovisioning. Mike swung the phone by its headset cord and whacked it into the stage - cellphone deprovisioned.
    • Jarrod Jasper of GM, again on the importance of deprovisioning. Apparently a GM employee left the company and kept his cellphone. Said employee proceeded to start up a 900 number and ran up $50,000 a month on the phone. For 18 months... Ouch!
    • Johnny L's presentation on OpenSSO.
    • The Multi-Protocol Federated Identity Interoperability Demonstration - Sun's Access Manager acted as an identity provider to 13 service providers. The user could log in to a portal protected by Access Manager, then access the 13 SP sites without providing further credentials, each SP recognising the user's identity via SAML 1.0, SAML 1.1, Liberty ID-FF 1.2 or SAML 2.0. For the record, we worked with BMC, CA, DataPower, HP, IBM, Internet2, Novell, Symlabs and Trustgenix to pull this off. Kudos to all concerned, particularly Wei Sun and Emily Xu - ace developers on the Access Manager team. Emily arrived on Monday morning, set up, configured AM for the set of service providers... and that was it. Not one line of AM code changed between Monday morning and the demo event on Wednesday night.
  • Thursday
    • Ken Weiss of Charles Schwab with a compelling presentation on how Schwab have built a web services infrastructure to manage employee identity and access. Great delivery, great content.
    • Dick Hardt of Sxip's presentation on Identity 2.0. Wow - he was paging through slides about one every two seconds, each slide containing a single graphic or a word or two. Think D. A. Pennebaker's famous film of Dylan's Subterranean Homesick Blues. The thrust of the presentation was that we need an Identity 2.0 to match Web 2.0, with protocols that are simple, secure and open. Dick sets a new standard for presentations at Catalyst - you're right, Don, definitely Presentation 2.0.
    • Sun's hospitality suite had a 'space' theme - Identity Mission '05. Our event organiser, Bianca Botello, did a truly excellent job - we definitely had the suite of the show.
    • Meeting Stefan Brands, who explained his technology for user-centric identity to me, and also warned me off reading his book - "It's very esoteric". Too late, Stefan... I'm already on chapter 2.
    • The after-party at the W bar, and waving Dick Hardt (Sxip) and John Shewchuck (Microsoft) off in a cab at 2am, Tijuana bound (them, not us!). Rather disappointingly, I hear that they returned intact. Oh well...
So - yet another great Catalyst. If you're working in identity management, and you can only attend one conference, make this the one.

Thursday Jul 14, 2005

Celebrity Lunch at Catalyst

Day Two of the Burton Catalyst conference. Some great presentations today, and a good lunch with a bunch of interesting people:

Mark Wahl (Author of LDAPv3, Founder, Informed Control) and Chuck Mortimore (Vice President, Product Architecture, Sxip Identity)

Dick Hardt (Founder & CEO, Sxip Identity) and Doc Searls (You all know who he is )
Dick is on stage later to talk about Identity 2.0... Should be interesting...

Wednesday Jul 13, 2005

OpenSSO is here!

I'm sitting here in the Identity & Privacy track at the Burton Catalyst conference in San Diego. Johnny L just left the stage, having announced that Sun will be open sourcing web single sign-on as OpenSSO - part of Sun's ongoing commitment to the Participation Age.
We will be releasing source code for authentication, single-domain single sign-on, web and J2EE agents (the core of Sun's Access Manager product) under the CDDL license. You will be able to download, build, extend and use the software without charge.
Here is the roadmap from the opensso site:
August 2005High level architecture document and use cases for Open Web SSO.
October 2005Read-only buildable sources for Session Module, that will provide ability to implement basic Single Sign On solutions.
December 2005Read-only buildable sources for Authentication Module, that will provide the ability to implement a full scale single sign on solution.
February 2006Read-only buildable source code for Early Access that will include an implementation of Single Sign On Agents for one web and one application server.
April 2006Complete Open Source availability for all sources.
You can read much more at the OpenSSO page and particularly the FAQ. Google News already has the press release and an article at
So, go sign up at - the forums are open for discussion and questions. Welcome to the Participation Age!

Tuesday Jun 21, 2005

First Multi-Protocol Federated Identity Interoperability Demonstration

The Burton Group is organizing a demonstration of multi-protocol federated identity at its Catalyst conference in San Diego next month. We will be showing Access Manager acting as a multi-protocol identity provider hub. That is, Access Manager will be enabling single sign-on between a set of service providers, each of which will be supplied by a different vendor, supporting a different federation protocol:

To keep things simple in the diagram, I haven't shown any back-channels between the identity provider and the service providers.
So, no matter which provider the user visits first, he will be redirected to authenticate at the identity provider. Now the user can visit any of the service providers without further authentication, despite the fact that they are all using different federation protocols. Cool!



« February 2017