Friday Sep 11, 2009

OpenSSO Tab Sweep - Sep 11 2009

Wow - it's been months since the last OpenSSO tab sweep. Anyway - here's a collection of the latest news from the world of OpenSSO:

Now I can close a few Firefox tabs and relax. Have a good weekend, everyone!

Tuesday Aug 04, 2009

links for 2009-08-04

Monday Aug 03, 2009

links for 2009-08-03

Tuesday Dec 16, 2008

ようこそ、 NRI!

From Japan, news that Nomura Research Institute (NRI), a consulting and IT solution services company spun off from Nomura Securities, are offering support and services for OpenSSO [Japanese press release] [Google translation to English], including OpenID for cross-enterprise authentication.

As well as being a big endorsement for OpenSSO, this event marks its graduation as an open source project - it's definitely no longer 'just a Sun thing'.

Welcome, NRI! We look forward to your contributions to OpenSSO!

Saturday Mar 15, 2008


Kaliya wonders "if OpenID has been used for activism yet?", then, in a footnote:

Sorry - I am really trying to get openID to work on this hoster (well my tech person Lucy is) there is still something not working. So if you want to comment either link to this blog post and say it on your own site or send me e-mail kaliya (at) mac (dot) com. If any of you OpenID tech folks want to see if you can help her solve the problem let me know I will put you in touch.

There's really nothing I can add...

Wednesday Feb 06, 2008

Paul Bryan Interviewed at Sun Developer Network

As I just mentioned over at The Aquarium, Marina Sum recently published a short interview with Paul Bryan, in which Paul talks about OpenID, OpenSSO and the fight against phishing and identity theft.

OpenSSO participants and regular readers will recognize Paul's name - he was the very first external committer on the OpenSSO project, back in 2006. Paul went on to write the OpenID Extension for OpenSSO (since deployed at before joining Sun in October 2007. While we were sad to 'lose' an external committer, we were very happy to welcome Paul to Sun.

Go read the interview and be sure to leave a comment - this short interview format is new and Marina is looking for your feedback.

Monday Jun 18, 2007

Sun Shines on Open ID

I just listened to my good friends Don Bowen and Eve Maler discussing Sun's OpenID deployment with Brandon Whichard- the latest in Sun's Identity Management Buzz podcast series.

Worth the listen - Eve goes into some detail on the lessons that Sun has already learnt from - and there are some insights into Eve, Don and Brandon's music buying habits. Show tunes, Don? Listen Now or Subscribe via iTunes.

Friday Jun 15, 2007

OpenID @ Work - Architecture

As you might already know, has been live for a few days now. I have my shiny new OpenID ( and have already used it to log in to the Project Concordia wiki and add myself to the list of participants. Everything seems to be working as it should.

It's a fitting time, then, to start explaining how we deployed OpenID, and Hubert has started doing exactly that with this blog entry on the architecture of As you can see from Hubert's description, the OpenID deployment is based on OpenSSO and its OpenID extension, so any interested party can go grab the source and try it out for themselves. In fact, some already have.

Thursday Jun 14, 2007

Slides on Feide, SAML 2.0, OpenID and more

Andreas over at Feide has just published a bunch of presentations he, um, presented the other day in Oslo. Great stuff - and I really like the sparse, clean look. I HATE slides with 15 bullets in 10 point text. The presentations cover the basics of SSO, SAML 2.0, OpenID and a look at Nordic/European collaboration in the education sector. Check them out.

Friday May 11, 2007

Silos, Schmilos!

Ben Laurie posts flame-bait this morning, with an entry titled 'Liberty Loves Silos'. I always find it amazing how folks ascribe the most sinister motivations to Liberty - maybe now that a load of our (previously private) mailing lists are publicly visible, people will see that we are really fluffy and cuddly (except Conor, of course, he's a bit prickly).

Anyway - back to the point... My understanding (I wasn't there for a lot of the early work, so I'm happy to be corrected here) is that the motivation for automated discovery was a seamless user experience. Asking the user for the location of her identity provider, discovery service, calendar service or whatever was seen as a bump in the road, rather than user empowerment. What we're seeing now is a lot of thinking around how we can combine ideas of user identifiers (URLs or i-names) with SAML 2.0 for SSO and ID-WSF 2.0 for Web services. For example, YADIS/SAML or OpenID/ID-WSF.

In any case, user privacy, consent and control has always been foremost - hence all the work on defining how a user can consent to attributes being shared between providers [PDF], not to mention security and privacy [another PDF, I'm afraid].

Monday May 07, 2007

OpenID at Sun

Already lighting up the blogosphere this morning are posts from Tatsuo, Gerry, Rich and Scott all about Sun's new OpenID Provider. Briefly, Sun is launching an OpenID Provider (OP) for all of its employees.

Why just employees? Well - there are any number of sites that offer OpenIDs, and anyone can start their own, but we wanted to try something different. With this service, we are exploring the use of OpenIDs in a business context - what could it mean to have an OpenID that says you are an employee of Sun Microsystems (or, for that matter, any company)? We'll be learning over the next few weeks and months, and, of course, sharing the lessons with the wider community.

On the technical side, we are deploying the OpenSSO Extension for OpenID on OpenSSO. In case the bulbs aren't lighting yet... this means that anyone can grab those components, do a little tweaking round the edges, and roll this out for themselves. In fact, that's exactly what SSOCircle has done, but in a non-enterprise context.

Monday Apr 30, 2007

New Drop of the OpenSSO OpenID Provider Code

Back in March, Paul Bryan released the first version of the OpenID Extension for OpenSSO, implementing an OpenID Provider for OpenSSO, Sun's open source single sign-on/access control/federation project. You might also recall that, at the beginning of this month, SSOCircle put this into production, enabling OpenID Provider services on their public identity provider.

Last night, Paul announced the second drop of his OpenID provider on OpenSSO's developer mailing list. For those of you not subscribed, here is the full text of his announcement:

Hi all:
I have just checked-in the source to the OpenID provider 1.0 alpha2. The following are excerpts from the README file:


The OpenID provider provides a complete OpenID Authentication 1.1 protocol compliant identity provider implementation, complete with full support for OpenID Simple Registration Extension 1.0.


This release includes the following enhancements over 1.0 alpha1:
  • Standalone web application as deployable WAR file
  • OpenID message object model; supports future consumer implementation
  • Trust management user interface (non-persistent trust decisions)
  • Simple Registration Extension user interface
  • On-the-fly l10n and i18n (English, French and German included)
  • Full decoupling from authentication infrastructure through getUserPrincipal
  • Integration with OpenSSO through servlet filter implementation
  • Configurable OpenID identity regular expression pattern
  • Configurable authentication provider principal mapping
  • No more dependencies on OpenSSO internal classes


This is the second release in a planned series of releases. Version 1.0 alpha3 targets to include the following enhancements:
  • Persistent trust decisions (via pluggable persistence SPI)
  • Persistent persona management and associated user interface
  • Integration with other authentication infrastructures
  • Response to errors through published openid.error mechanism
  • Further refinement in preparation for OpenID 2.0 ratification
  • Full supporting documentation
  • Comprehensive logging
For more information, see: As always, any comments and feedback will be most appreciated.
Paul C. Bryan

As soon as I get a chance, I need to go grab this and have a play...

Wednesday Apr 04, 2007

SSOCircle Latest - SAML2.0/PHP and OpenID

Looks like Hu's been busy - not only has he deployed a sample SAML 2.0 service provider based on the SAML 2.0/PHP OpenSSO Extension (formerly known as Lightbulb), he's also rolled out Paul's OpenID code (another OpenSSO Extension). So, now you can go register at SSOCircle and use either SAML 2.0 or OpenID to authenticate to relying parties/service providers, all through the magic of OpenSSO. Cool!

Friday Mar 23, 2007

New Podcast Posted - OpenSSO: Bridging the Gap

Catching up on the blogging - it's amazing how time flies by when you're doing 'real work'!

Last Friday, Brandon Whichard, Don Bowen and I recorded a podcast in Sun's Identity Management Buzz series. There was no agenda - Brandon, Don and I just chatted about what's new, including OpenSSO, its Extensions sub-project and OpenID. As the podcast was recorded on St Patrick's Eve, we even get to the subject of leprechauns and their gold...

Listen Now [MP3] or Subscribe via iTunes

Monday Mar 12, 2007

Lightbulb is Dead; Long Live OpenSSO Extensions!

Last October, we released the first SAML 2.0 implementation in PHP, codenamed 'Project Lightbulb' (because Lightbulb fits into LAMP) and a sub-project of OpenSSO. In the few months since then, other folks have proposed similar extensions to OpenSSO, and the 'Lightbulb' name has looked increasingly anachronistic, particularly since the core OpenSSO project has always fully supported LAMP with its Apache HTTP Server and Tomcat policy agents.

Today, we launch OpenSSO Extensions, OpenSSO's code incubator, with three initial modules:

So - what is an OpenSSO Extension? Well, it's any piece of code that either

  • extends OpenSSO to provide new functionality, for example, the OpenID identity provider, or
  • interfaces with OpenSSO, extending other systems, such as the PHP Client SDK and SAML 2.0 relying party.

If you have an idea for extending OpenSSO in an interesting way, then click here to participate!




« July 2016