Paul Bryan, Sun technical specialist
Recently, I interviewed Paul Bryan, a Sun technical specialist in Vancouver, B.C., about his background in identity-related development. We also discussed OpenSSO Extensions, including support for OpenID. Notably, Paul aims to create an authentication system that will alleviate security fraud and theft, such as phishing. A lot to look forward to!

Early Involvement With Sun
Paul has been working with Sun products and technologies since 1995 but did not join Sun until October 2007. "When the Java programming language first debuted, I was developing in C and C++ and immediately saw the Java benefits in productivity and security. That is, finally, we can write safe code!" he recalled. Soon afterward, he started a company that was dedicated to developing Java technology-based software.

Paul became truly involved with Sun in 2001 while building a project for TELUS, the second-largest telecommunications company in Canada. One of the products he used was Sun's Portal Server, currently called Sun Java System Portal Server, which subsequently led to the emergence of Sun Java System Access Manager (henceforth, Access Manager).

Needs, Hence Product Capabilities

"What happened was that we badly needed single sign-on, called SSO, for five different applications that we had to integrate into one portal," Paul recounted. In short order, besides achieving SSO, provisioning of users, sharing across multiple applications, and seamlessly managing sessions became must-implement items, too. And Access Manager, called iPlanet Directory Server Access Management Edition (iDSAME) at the beginning, was born at Sun and later enhanced to operate across multiple federation protocols for authentication.

In 2003, Paul cofounded Brighton Consulting, a Sun partner in Vancouver that specialized in identity and access management solutions. Because of his experience with Access Manager, when it became open source in 2005, Paul was that project's first external contributor. "I made minor changes to OpenSSO's source code 'to get my feet wet,'" he added.

OpenID and Other OpenSSO Extensions
In early 2007, Paul left Brighton and spent some time pondering his next move. He could see that the time was ripe for OpenID to be incorporated into OpenSSO.

"So what's OpenID?" I asked Paul. "Give me an example."

"It's a user-centric identity system that puts more control in users' hands of how their information is shared. For example, if you book a ticket with an airline that offers you a discount at a car-rental company, you could authorize specifically what data to disclose," Paul explained. Given the overwhelming concern about privacy, OpenID addresses this pressing need.

Paul built an OpenID extension in the form of an identity provider for OpenSSO. The alpha release for that extension came in March 2007.

Seven months after OpenID met OpenSSO, Paul joined Sun. Along with Sun identity architect Pat Patterson, he helped start an OpenSSO subproject, OpenSSO Extensions, an incubator for new and experimental code without the strict governance requirements of the main code base. Those extensions all work with Access Manager, which will soon be integrated with Sun Java System Federated Manager to become Sun Java System Federated Access Manager.

Phishing Be Gone
Phishing, according to Wikipedia, "is an attempt to criminally and fraudulently acquire sensitive information, such as user names, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication." It's a significant risk to users and a challenge for identity system developers.

"Currently, a major vulnerability for OpenID is phishing," said Paul. To counter that, he's actively pursuing interoperability with other user-centric identity systems, such as information cards, which are being developed in such projects as Windows CardSpace and Bandit. The solutions that are underway include the installation of plug-ins in the client and a user interface to enable users to furnish credentials "in a controlled way," such as in an identity selector. For authentication, that selector operates with cards instead of the traditional user name-password credentials.

Ultimately, Paul aims to make OpenSSO realize its full value, that is, support not only Security Assertion Markup Language (SAML) but also the diverse range of identity systems out there. "That's my goal," he concluded. And a worthwhile one.