From the Trenches at Sun Identity, Part 2: OpenSSO, a Thriving Community

 
By Marina Sum, March 24, 2008  
See also:
 
 
Part 1: Access Management for Web Applications
Part 3: Federated Access Management Simplified
Part 4: Virtual Federation, a Pioneering Way for Exchanging Authentication Data
Part 5: Support for OpenSSO
Part 6: Identity Services for Securing Web Applications
Part 7: Security for Web Services
Part 8: Quality Assurance
 
Photo of Pat Patterson
— Pat Patterson, federation architect, Sun Microsystems

Pat Patterson, federation architect at Sun, hails from Britain. In 1997, after a stint as a C++ developer in financial charting applications, Pat joined JCP, a startup in London, where he built Internet security software with Java technology.

In 2000, Sun acquired JCP. Pat joined Sun and continued to work in the U.K. Subsequent to yet another security-related acquisition—Waveset, now Sun Java System Identity Manager—by Sun, Pat moved to California in 2003 and transferred to access management in early 2004. After a year in product marketing, he returned to engineering and is currently on the access and federation management team under Jamie Nelson, interviewed in Part 1 of this series.

In addition to his architectural role, Pat acts as community manager for OpenSSO, the open-source twin of Sun Java System Access Manager; represents Sun at the Liberty Alliance, a global organization on security standards; and collaborates with Microsoft on interoperability. All those responsibilities map well to his interests. He muses, "This job is perfect for me. Simultaneously, I keep up with the technology at the source level, champion Sun at standards bodies, and attend many major events, such as JavaOne and JavaPolis, often as a presenter." [1]

In this interview, Pat expounds on OpenSSO's mission, adoption model, and challenges. He also describes a significant gain to Sun and his aspiration for OpenSSO's future.

[1] For a list of Pat's upcoming speaking engagements, see References.

A Primer

Sun's current identity management portfolio contains four major products:

In July 2005, Access Manager became open source as OpenSSO. "Any time, as soon as my laptop is on," says Pat, "I'm in the #opensso IRC [Internet Relay Chat] channel, where developers from all over—China, Singapore, Germany—hold dialogs about OpenSSO."

Note: To join the dialog, see the IRC Channel section on the OpenSSO wiki for a setup guide.

Mission and Adoption
A major mission of the OpenSSO charter is to ensure that the voice of the community, both within and outside Sun, is heard and to encourage adoption and contributions worldwide. "It started out quietly," Pat recalls. "And it took time to roll out the source code—a task that requires audits to confirm that Sun does own the full right to the intellectual property. All told, 98 percent of OpenSSO is the same as Access Manager; the remainder, such as support for SafeWord one-time password tokens, is from third parties." All that partly accounts for the fact that it's been a while since the release of Access Manager 7.1. The next release, Sun Java System Federated Access Manager 8.0, a combination of Access Manager and Federation Manager, is scheduled for this summer.

So far, response from the community has been gratifying: Adoption of OpenSSO is transparent and smooth. A recent blog post by Sun's chief open source officer, Simon Phipps, "The Adoption-Led Market," describes the try-prototype-buy support model, in which participation in the open-source community by potential customers is a key first step.

Challenges and a Major Gain
To Pat, the biggest challenge of OpenSSO is the transition from traditional proprietary development to open source, an adjustment for the Sun engineers concerned. They must work in the open, so to speak, connect both with their colleagues and with outside contributors, and notify all of them of code updates.

Other issues for the switch are—

  • Leading the way, often as a trailblazer. "Without question, Sun is a pioneer in open source," Pat points out. "In the case of Access Manager, as in a few other Sun products, while publishing the source code of an existing product, we also ask our engineers to accept ideas from external contributors, some of whom are novices to the product. Others, such as system integrators and developers at customer sites, have been long-time users who are well qualified to work on OpenSSO. Still, make no mistake, it's a radical cultural change."

  • Cleaning up the source code. This task calls for clarity of mind, attention to detail, and focus. Engineers must be ready to answer the question "Do we own this code for sure?"

  • Promoting the project. That is, publicizing OpenSSO's offering and benefits, attracting and encouraging participation, and fostering loyalty.

On the other hand, involving external developers has become an excellent recruitment venue for Sun. An example is Sun technical specialist Paul Bryan, who was a third-party system integrator while working with Sun software in Vancouver, B.C. for years. He became interested in OpenID, created the OpenID Extension for OpenSSO, and subsequently joined Sun. For more details, read a January interview with Paul.

"I couldn't be happier that this aspect of open source lends us frequent contact with a pool of talent, all potential candidates for Sun's job openings," Pat smiles. "Just like the advent of telecommuting, collaboration with the community has resulted in a blurred line between work and nonwork. Several members of the wider OpenSSO community have become my personal friends."

Present and Future

Currently, more than 620 members have signed up to work on OpenSSO, file or fix bugs, and contribute code. "We have built a number of extensions and are continually adding new ones. Those are subprojects that the community can further develop with a more agile process," Pat tells me. "Many of the subprojects, such as the Information Card Relying Party, might become part of the product down the road. The major focus right now is to stabilize Federated Access Manager 8.0 and make it a robust release come summer."

"What's on the horizon? What do you envision for OpenSSO?" I ask Pat.

"Someone once likened OpenSSO to Apache for single sign-on," Pat replies. "That might yet become reality. As the project gains wide acceptance, I'd like whoever desires access control and federated SSO to immediately think of OpenSSO as the preferred choice."

Talk about a goal worth striving for!

References

Marina Sum is a staff writer for Sun Developer Network. She has been writing for Sun since 1989, mostly in the technical arena. Marina blogs on Sun's products, technologies, events, publications, and unsung heroes.