Thursday Oct 20, 2011

More on JSR 351 (Identity API)

Staying on the theme of Java progress (albeit beyond Java EE 7 this time), JSR 351, the Java Identity API, is set to enhance the Java Security Model for both Java SE and Java EE in a declarative programming style.


Following Ron Monzillo's presentation at JavaOne 2011, InfoQ posted a summary highlighting the goals of the JSR: Standardize Identity in Java (while remaining domain-agnostic), Promote Attribute Service for authorization and auditing, and finally define the aforementioned declarative programming model.

Note that this JSR does not plan to complete in time for Java EE 7 but should instead be usable starting with Java EE 6.

Sunday Sep 25, 2011's identity JSR

We now have a new Java EE-related proposed JSR on the block - "JSR 351: Java™ Identity API".

To paraphrase the JSR submission, the goal is to "build on the Java security model to define identity APIs that will be used by applications for access control decisions in a declarative programming style".


The JSR will specify how applications will consume, produce and check attributes such as email address, social security number, bank account number, date of birth, nationality, gender, etc. Disclosure and use of these identity attributes would be under the user's control. Check out the proposal for a sample scenario.

The initial Expert Group is led by Oracle (Ron Monzillo) and includes IBM, RedHat, and SAP AG, and the JSR is supported by American Express, Aspect Security, Boeing, Ericsson AB, and OWASP. The goal is to be compatible with Java EE 6 onward, with a final release in early 2013.

Friday Apr 10, 2009

Registration for C1 Unconferences Now Open - GlassFish and OpenSSO Day


The registration for our CommunityOne Unconferences is now open. We are hosting two intertwined events, one for all the GlassFish projects, the other for OpenSSO, OpenDS et al. Both in Hall A at the Moscone (Wikipedia, GeoHack) the Sunday before JavaOne, May 31st.

Both events are free, and you can switch back and forth as your interests apply. Check the GlassFish Unconference page and the OpenSSO Day MeetUp and Topics page.

The unconferences will be followed with a Party at the Thirsty Bear. We have plenty of space at the Moscone but the TB space is limited, so I encourage you to sign up early.

Monday Mar 16, 2009

This Week's GlassFish Webinar: OpenSSO - Overview, Stories and Roadmap


This week's webinar is on OpenSSO, the open source project that provides enterprise-quality infrastructure to implement single sign-on. Sid and Ajay will present a technical overview of OpenSSO and then explain how it is being used in a real-world deployment. The presentation will end with a roadmap for the features in future releases of OpenSSO.

Presentation on Thursday, March 19th, 11am US Pacific, at TheAquarium Channel. Full details (and recordings) at the Show Page.

Wednesday Mar 11, 2009

Identity Connectors - Open Source Adaptors for Identity Manager


Sun's Identity Team (home to OpenSSO and OpenDS) has just announced a new open source project: Identity Connectors, to bridge between the Identity Manager, which provides auditing and provisioning, and the resources it manages.

The project already has over 12 connectors, from Active Directory to Google Apps. The corresponding version of IdMgr is 8.1, Just Released. Thanks to Tomas and Hanaki for the tip.

Wednesday Feb 18, 2009

Using MySQL and GlassFish in Identity Manager


There is a new White Paper that shows how to Leverage MySQL and GlassFish in an Identity Manager deployment, building on the earlier announcement of IdManager 8 on MySQL.

This extensive (40 pages) white paper provides an overview of the function of Sun Identity Manager, and explains how to install it with GF and MySQL. The combination of the three provides a very compelling value proposition.

Wednesday Feb 11, 2009

WEBINAR: Attacking complexity with simplicity - Sun Identity Management

The Sun Identity Team is kicking off a monthly webinar program outlining our overall portfolio and how it can help you solve everyday identity challenges. The first session will be held on February 18 at 8AM PT and will provide an overview of how Sun approaches everyday identity and offer an overview of our methodology to build a strong identity foundation that lasts. So . . . what are you waiting for! Register for our life-changing webinar now!

Friday Aug 29, 2008

OpenSSO Express and Identity Services at SDN


Things have been pretty quiet on the identity front here at The Aquarium over the summer vacation season - time to kick things up a notch with a look at the recent feast of OpenSSO-related articles on the Sun Developer Network's identity pages:

In part 4 of the 'Securing Applications With Identity Services' series: 'Single Sign-On and Logout', Prashant, Aravindan and Marina show how OpenSSO's REST-based identity services can be put to use in integrating a sample Java web application with OpenSSO. This approach was used in Prashant's integration of Liferay with OpenSSO, which also works in WebSynergy.

'Integrating Applications With OpenSSO', by Tatsuo, Aravindan and Marina, covers integration with OpenSSO via policy agents, reverse proxies, the client SDK, and identity services. There's a great worked example of integrating Ruby on Rails with OpenSSO, applying OpenSSO's identity services beyond the world of Java.

The fifth interview 'From the Trenches at Sun Identity' has Marina talking to OpenSSO senior product manager Nick Wooler on Support for OpenSSO, explaining how customers can now buy support for OpenSSO via OpenSSO Express.

Finally, Aravindan Ranganathan talks to Marina about Identity Services for Securing Web Applications. As you can probably tell, identity services is one of the hottest components in OpenSSO right now!

For all the latest OpenSSO articles and more, subscribe to the SDN Identity Feed - there's plenty more in the pipeline!

Friday Aug 08, 2008

OpenSSO Early Access Review Launched

The OpenSSO Project is soliciting feedback on their Early Access Build -- OpenSSO Express Build 5. With the release of this build, community members now have the opportunity to participate in the Early Access (EA) program for Sun's next commercial offering. Review the Early Access documentation and hammer away at Express Build 5! Send your EA feedback to so we can make the product perfect. Thanks in advance!

Wednesday Jun 11, 2008

Identity Manager 8.0 is Out


Identity Manager is part of Sun's Identity Offerings, which also includes our old friends OpenSSO and OpenDS. The latest release (8.0) includes Improved Role Support, Enhanced Reporting, More Resources, and new platforms. For more details, see: Home, Download (Localized GAs due July 14th) and Docs.

IdMgr 8.0 is not (yet?) Open Source (unlike its NetBeans plug-in), but the download is free. IANAL, but my reading of the license seems to imply free RTU with some constraints like a limit to identities used in some use cases.

Other useful links include:

• Identity Podcasts
• Mani's Summary of the release highlights.
• Companion Role Manager product.
• Bert's Note
• Sean's Cryptic Non-Announcement.

Friday Mar 07, 2008

Federated Identity Through the Eyes of the Deployer

Eve's Advisory

If you've taken a look at federated identity, but become bogged down in acronyms (SSO, SP, SAML???) and jargon (why do I need an identity provider? I already have an identity), then you'll be happy to read identity diva Eve Maler's recent article on the topic - Federated Identity Through the Eyes of the Deployer. Eve and regular SDN identity writer Marina Sum walk you through the basics of federated identity - what it is, why you might want it and what questions to ask as you architect a federated identity system.

If you're wondering about the illustration - Eve is an authority on matters XML, being instrumental in the creation of XML and related standards such as SAML - in fact, you can blame Eve for some of those acronyms.

Wednesday Feb 06, 2008

SDN Interview with Sun Technical Specialist Paul Bryan


Sun Developer Network technical author Marina Sum recently published a short interview with Paul Bryan, a Sun technical specialist working in identity management.

As mentioned in the interview, Paul was the very first external committer on the OpenSSO project back in 2006. He went on to write the OpenID Extension for OpenSSO before joining Sun towards the end of last year.

Discover how Paul is working with OpenSSO to fight phishing and identity fraud.

Friday Nov 02, 2007

Authentication with Identity Services


While standards such as SAML and XACML provide flexible, interoperable frameworks for exchanging authentication and authorization data, developers are sometimes left wanting something simpler - "Just give me an easy way to authenticate a user and check if they are authorized to access a resource".

We've been working on this in OpenSSO these past few months, building a simple set of identity services: web services for authentication, authorization, attribute retrieval and logging. With SOAP and REST endpoints, just about any application can manipulate identities in a very simple, robust way. Check out Aravindan and Marina's recent article on authentication with identity services. Subscribe to the Sun Developer Network identity feed to catch further articles in this series.

Friday Jul 06, 2007

OpenDS 0.9 released


OpenDS, the 100% Java implementation of an LDAP v3 directory, reached the 0.9 milestone earlier this week. At this point, it is an LDAP v3 compliant directory with multi-master replication and access controls, just to name the main features. Next stops are the beta release and a 1.0 version later this year. In the meantime, a Summer 2007 Bugfest has just started, with prizes for people helping fix as many as 130 defects listed today.

OpenDS comes with a Java Web Start installer and data to populate the directory. It really doesn't get any easier than that to start using an LDAP directory. If you need to speak XML to OpenDS rather than LDAP, the DSML gateway (implemented as a WAR archive) is also available.

Check also the cool uses of OpenDS as presented by Ludo at the San Francisco GlassFish Day in May 2007.

Wednesday Jun 27, 2007

GlassFish Videos!


At least four GlassFish-related Hands-On-Labs from JavaOne 2007 have been made available online recently as screencasts -

•  LAB-5410 : Securing Identity Web Services

•  LAB-3315 : Java EE 5 Hands-on and Clustering using Open Source GlassFish Application Server

•  LAB-4450 : Rapidly Building a Real Life Application With Ajax and JavaServer Faces Components using the NetBeans Visual Web Pack

•  LAB-4440 : Building Web2.0 application using Sun Web Developer Pack (SWDP)

Hands-On Labs (HOL) are fully documented from setup to step-by-step didactic tutorials. Each is split into several exercises for a total of 60 or 90 minutes. The complete list (all 27 of them) is here. Specifically, I'd recommend "LAB-3360: Taste Special Features of GlassFish". Access is free to all SDN members. SDN membership is free as well.