Tuesday Aug 04, 2009

links for 2009-08-04

Thursday Jan 08, 2009

links for 2009-01-08

Tuesday Nov 04, 2008

Selling Trust

Brad Cox, a regular in the OpenSSO IRC channel just came out with a line that, I think, perfectly encapsulates the spirit of open source at Sun:

"Sun used to sell bits. Now you're selling trust. Interesting times!"
Interesting times indeed!

Friday Oct 17, 2008

links for 2008-10-17

Tuesday Sep 23, 2008

links for 2008-09-23

Sunday Jul 06, 2008

Gartner: Sun IAM & Open Source - STRONG POSITIVE

Via Tatsuo Kudo - Gartner recently published their latest vendor rating for Sun. The overall picture is, well, sunny, if you'll pardon the pun, but I'm particularly pleased with their ratings in the areas of Identity and Access Management and Open Source - 'Strong Positive'\* for both, which means that OpenSSO and OpenDS must be doubly blessed

\* Strong Positive: Is viewed as a provider of strategic products, services or solutions:

  • Customers: Continue with planned investments.
  • Potential customers: Consider this vendor a strong choice for strategic investments.

Saturday May 17, 2008

links for 2008-05-17

Friday Apr 11, 2008

OpenSSO - Download, Evaluate, Deploy!!!

A few days ago I was IMing with a guy that works for one of the large systems integrators. They have an opportunity to deploy OpenSSO with a large customer. They particularly want OpenSSO, rather than, say Sun Java System Access Manager 7.1, as they need some of the new features developed over the last few months, in advance of the upcoming Federated Access Manager 8.0 release. The SI discovered OpenSSO, found that it met the needs of their prospective customer, evaluated it for the specific requirement and decided that it was the right solution.

My correspondent mentioned something quite disturbing to me... "[sales person] told me it was 'forbidden' to use OpenSSO in commercial environment". Well, of course, nothing could be further from the truth! If you read my blog, The Aquarium, Jonathan Schwartz's blog, or just about any other channel of information from Sun, you'll know that our open source software (and in fact, most of our closed source software) is free for download, evaluation and deployment in any fashion that you see fit. We welcome folks deploying OpenSSO, Glassfish and even Solaris on their production systems, the point being that they often get in touch afterwards saying "We've evaluated and deployed X, now we'd like support, so how do we give you some money for that" (this actually really does happen!).

I mention this today because I was in a SEED meeting this morning where Jonathan was speaking (I was going to say that he was the star turn, but he'd be the first to disagree with me on that!). I told the above story to him, and his answer was to blog about it. Oh, and to email a couple of people in Sun on the need to educate our sales force. So here we are, dear reader. OpenSSO - available for deployment wherever, whenever it's needed.

Thursday Mar 13, 2008

links for 2008-03-13

Monday Oct 08, 2007

CDDL as a middle way

In a recent blog post, James McGovern reckoned that my "perspective on CDDL is somewhat insular and indoctrinated". As I was wondering how to reply to this, there was some discussion on the OAuth mailing list on the merits of different licenses. I posted this to the list this morning:

As you survey the landscape of open source licenses (http://opensource.org/licenses/alphabetical), you should also consider whether CDDL (http://opensource.org/licenses/cddl1.php) gives you what you're looking for.

Disclaimer - I work for Sun Microsystems, on OpenSSO (http://opensso.dev.java.net), a CDDL-licensed project. However, in this instance, I'm not shilling for Sun, just giving my personal opinion.

Based on the Mozilla Public License, CDDL attempts to balance the interests of different sides of the developer community - on a file-by-file basis, any modifications you make to CDDL-licensed source code must be made available under the CDDL, however, if you build CDDL into a 'larger work' you choose how to license your 'new' files.

This is essentially a middle course between GPL and Apache/BSD/MIT (they're not the same, but they do lie on the same side of the license spectrum). If I license my code to you under CDDL, you are free to use it as a component in a 'larger work', but you must make available any changes/fixes to my code.

Anyway - the main thing is to read the licenses, decide which one best fits your intentions, adopt it, and get back to the code. One thing some people overlook is that, as the actual copyright-holder, you are not bound perpetually by your initial license choice. Although the genie is out of the bottle regarding already licensed code, you can decide to stop licensing future versions under an open source license, switch licenses, add new licenses or whatever. Of course, you would consider the needs and preferences of the community that you have (hopefully) built around your code before taking any of these courses of action!

I truly believe that CDDL offers a useful middle path between the 'viral' (all your code are belong to us) GPL and the 'permissive' (take what you like, just don't sue us if it doesn't work out) Apache/BSD/MIT, and this provides specific benefits for business.

James goes on to extrapolate somewhat from his lawyer friend's opinion:

She mentioned that corporate friendly licenses permit redistribution without restrictions on commercial use and don't have broad retaliation clauses. In reading into her position, I would guess that she doesn't like Sun, IBM or Mozilla but would like likes such as GPL 2.0, Apache and MIT though.

Nice guess, James, but I'd like her unfiltered opinion after reading the licenses (you are correct in your suspicion that I've never had a conversation with any corporate lawyers whose primary business isn't technology). The Apache 2.0 license has a patent retaliation clause (my emphasis:

3. Grant of Patent License.

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.

I AM NOT A LAWYER, but this does not seem substantially different from the equivalent section of CDDL:


If You assert a patent infringement claim (excluding declaratory judgment actions) against Initial Developer or a Contributor (the Initial Developer or Contributor against whom You assert such claim is referred to as Participant) alleging that the Participant Software (meaning the Contributor Version where the Participant is a Contributor or the Original Software where the Participant is the Initial Developer) directly or indirectly infringes any patent, then any and all rights granted directly or indirectly to You by such Participant, the Initial Developer (if the Initial Developer is not the Participant) and all Contributors under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate prospectively and automatically at the expiration of such 60 day notice period, unless if within such 60 day period You withdraw Your claim with respect to the Participant Software against such Participant either unilaterally or pursuant to a written agreement with Participant.

Understand, I'm not saying that CDDL is the license-to-end-all-licenses, but it is definitely worth considering as an option if you want a middle way.

Tuesday Jul 31, 2007

Open Source builds communities, not software

James Governor of Redmonk (I might jeopardize our ranking in the next magic quadrant if I say that he's the best software analyst on the planet. D'oh!) reckons that Open Source Software is Social Media. I agree wholeheartedly - this is exactly what we're experiencing in OpenSSO. We would be building the next version of Sun Java System Access Manager (sorry - I have to appease the branding gods, and that string gets this blog entry listed on the Access Manager blogs page) regardless. OpenSSO is building a community (btw - we're up to 432 members now) around the product. Random folks get to use it for cool stuff, we can make that cool stuff available for others, system integrators get to see inside the product and do a better job for our mutual customers, and we get feedback from the community at the earliest possible opportunity - from the design docs or code itself. Not to mention contributions from the wider community - the building software bit. It's a win all round. Except for our competitors. Shame, that.

I'll leave it to James and the other analysts to figure out where Open Source makes sense and where it doesn't, but, I have to say, it's working for us!

UPDATE - bonus customer quote from a Software Engineer at Google: "I like the fact that I can look at your source and give it to my security guys and get the blessing. That's the main reason I'm looking at Sun's stuff and not some closed source vendor"

Monday Nov 13, 2006

Open All The Way Up

It's just one of those days - the bloggable thoughts are coming thick and fast...

For some time now, Sun has been unusual in providing the entire stack of hardware and software, from the metal right on up to the product on which I work, Sun Java System Access Manager:

Web SSO Sun Java System Access Manager
Web Container Sun Java System Application Server
Computing Platform Java
Operating System Solaris
Processor Architecture UltraSPARC

Well, now there is an open analogue to every one of those layers:

Web Container GlassFish
Computing Platform Java (now open sourced!)
Operating System OpenSolaris
Processor Architecture OpenSPARC

Open all the way up the stack - now that is cool!


Get the Source

GPLv2 and everything. Wow. And Glassfish adds GPLv2 to the existing CDDL. Cool.

Go get it!

Monday Oct 16, 2006

The Open-Source Insight

I've pasted this into so many emails and IMs this past week, I thought I'd just put it here, so I can remember the link:

"The open-source insight is simply that you don’t have to be smart enough to have all the answers - you just have to be smart enough to invite other people to play in your sandbox."

From Ten Questions with Polly LaBarre on Guy Kawasaki's excellent Signal Without Noise.




« February 2017