
What's Happening in Identity at Sun

 
By Pat Patterson, September 1, 2006  

A lot has been happening lately in the identity arena at Sun. The big news is open source, specifically:

Read on for the latest.

OpenSSO

It's been a whole year since Sun announced OpenSSO at the Burton Group's Catalyst Conference. At that time, Sun tested the waters by open-sourcing a limited portion of the Access Manager code, covering authentication and SSO only, but it soon became clear that the demand was there for policy and federation, too.

Sun is now completing the first phase of OpenSSO: It has released the source code for authentication, SSO, and policy and is accepting contributions from the open-source community. Whether you want to simply try out the software, ask (or answer!) questions in the forums, file bugs, or contribute code or documentation, Sun welcomes your participation. Later, Sun will promote external contributors to "committer" status, just like the Project GlassFish model.

Next, Sun will move on to add the eagerly awaited federation code. Over the next few months, we will be creating the industry's only 100-percent open-source stack for SSO, access control, and federation, one that supports the Liberty Identity Federation Framework (Liberty ID-FF), the Liberty Identity Web Services Framework (ID-WSF), and Security Assertion Markup Language (SAML). The next major versions of Sun Java System Access Manager and Sun Java System Federation Manager will join Sun Java System Application Server as fully supported Sun products that are built from open-source code.

OpenDS

OpenDS, an entirely new, open-source Directory Service written from scratch in the Java programming language, is open for business. Note the term Directory Service—that's much more than an LDAP server. In time, Directory Service will evolve to include virtual directory, data distribution, and directory synchronization capabilities.

Although OpenDS went live only at the end of July, the core LDAP engine is already in place. Sun engineer Neil Wilson has blogged an excellent introduction on that topic. Again, almost anyone interested in directory can participate, from downloading and trying out the product to contributing suggestions for enhancement, documentation (for which a Wiki page will be available), plug-ins, and core code.

Project Tango

The JavaOne conference in late May saw a burst of activity around Project Tango, also called Web Services Interoperability Technology (WSIT). Sun demonstrated a Security Token Service, which implemented a brokered trust model between two security domains, that is, exchanging one domain's SAML token for another SAML token accepted in a second domain.

What was exciting was that one domain comprised Sun's WSIT technology with Access Manager integrated into the STS while the other domain comprised the Windows Communication Foundation (WCF), previously known as Indigo. What is really exciting is that Sun will soon release the code that integrates Access Manager (and equally OpenSSO) with WSIT. Watch the Project Tango site for details.

In a Nutshell

So, from the directory up through access control and SSO to Web services, Sun is diligently working with the open-source community to build the tools to do the job. All three projects share the Common Development and Distribution License (CDDL), which makes it easy for you to participate and to incorporate the technology in your own work.

Again, do join us in these open-source efforts!

Pat Patterson, a technical architect at Sun, has been working on security and identity management since 1997, when he joined Trustbase Ltd., a software development company in London, England. When Sun acquired Trustbase in 2000, Pat became an engineering manager in secure Web services at Sun. After a four-year stint in product management, he returned to engineering early in 2005, focusing on federation, on identity-enabled Web services, and on OpenSSO, Sun's open-source, Access Manager-based project. Pat's blog centers on identity-related topics.
 
