Posts Tagged opensso
This is a big milestone for ForgeRock and the OpenAM project, an open source WebSSO, Authentication, Authorization, Federation and Entitlements solution. After months of development (a few more than we anticipated), we’ve finally released OpenAM 10.0.0, a major version of the product.
OpenAM 10 brings a set of new features, including support for OAuth 2.0 client authentication, the ForgeRock Identity Gateway (built out of project OpenIG), enhanced SAML 2 identity provider capabilities, a new Risk Based Authentication module, … It also now relies on OpenDJ 2.4.5, the latest stable release of OpenDJ the open source LDAP directory server, and supports the internet-draft based LDAP password policy. You can find more details in the press announcement, or the product release notes. The documentation of the OpenAM 10 release can be read at http://docs.forgerock.org/en/index.html?product=openam&version=10.0.0.
The OpenAM 10 release owes a lot to the OpenAM community, for the issues raised : a total of 41 issues fixed in OpenAM 10 were raised by 26 different persons, and for the generous patches offered to fix over a dozen of these issues.
To each and every contributor : THANK YOU !
Last week-end all Sun products documentation got moved from docs.sun.com to Oracle.com domain, with new IDs. So all URLs and bookmarks have been “lost in translation” !
On this blog, I had numerous references to Sun directory product documentations, pointing to specific commands or chapters for configuring and managing the service… All are now redirecting to the main Oracle’s documentation page.
But I managed to find the place where the Sun Directory Server documentation is listed, from iPlanet Directory Server 4.11 to the latest Oracle Directory Server Enterprise Edition 11g : the Legacy Sun Identity Management Documentation. There are link for both the online and the PDF versions.
Pfew! I was afraid everything disappeared.
On a side note, classifying the so called “strategic” Oracle Directory Server Enterprise Edition 11g in the legacy products seems to say a lot about its future !
Pat Patterson reminded me of a conversation he had at OSCON 2009 with Jack Adams about OpenSSO. Luckily, the discussion was captured in video.
During the conversation, they talk about OpenDS as well. Thanks for the plug, Pat !
I’ve just spent a wonderful week in Porto Alegre, Brazil where I’ve landed to talk about OpenDS at the FISL 10 conference.
This is my first visit in Brazil and I must say that I didn’t get any good impression of the country in the first two days. As a matter of fact, I didn’t get any impression at all. I arrived on Monday evening around 9pm, it was all dark. After more than 16 hours of traveling, I just wanted to hit a bed.
On the Tuesday morning, thanks to the jet lag, I got up quite early, checked email and went for breakfast by 7am, noticing a rainy day and still pretty dark. I was just done with the breakfast when Bruno Souza arrived and took me to the location of the Javali meeting, an ancillary event of FISL, sponsored by Sun and organized by SOU Java and RS JUG.
We spent the whole day in the conference room, watching from time to time through the windows the heavy rain and wind. The Javali talks ended with pizzas and guarana and by then the night was already dark.
While I didn’t get to see how Porto Alegre looks like in the first days of my visit, I did enjoyed the friendliness of Brazilians. At Javali, trying to follow the presentations in Portuguese was though but I think I got probably 50% of the technical parts thanks to the mix of english words and to my understanding of Spanish. And when it was necessary, Bruno or Mauricio Leal would do some translation for us.
I didn’t get to talk at Javali, the agenda was pretty full and I hadn’t told Bruno I would be coming as I wasn’t sure I could make it. But Pat Patterson presented Securing RESTful Web Services with OpenSSO (and OAuth) and mentioned a few times OpenDS.
Wednesday was the first day of FISL and all the Sun participants went quite early to help setting up the booth in the Exhibition Hall. Sun’s booth was very well located and its main attraction was the thousands of small soccer balls that were given to attendees that registered to the OSUM program. I think that throughout the whole event, the Sun’s booth was the most vibrant and busy one, with Roger Brinkley making demos with his toys, Angel Camacho, Brian Leonard, Kirthankar Das and others helping with installs of OpenSolaris on attendees’ laptops.
Arun Gupta fired the event on Wednesday morning with his presentation demonstrating the combined power of GlassFish, MySQL and NetBeans to build web applications.
Friday was the busiest day for me as I was scheduled for 2 presentations. But before that, I was invited to participate in Simon Phipps talk show, describing in 5 minutes, what was OpenDS, what were the benefits for the Brazilian open source users and developers.
Immediately after, and in the same room, I did my presentation for OpenDS with the theme of "Scaling the Identity Store with OpenDS". The sessions talked about the 3 models we have in OpenDS for deployment :
- Embedded in Java applications,
- Standalone replicated servers,
- LDAP Front-end access to MySQL Cluster’s network DB.
While FISL is mostly attended by students, my session had a majority of System Administrators, interested by simplifying and reducing the cost of their data-centers.
Later in the afternoon, I was presenting again, repeating JavaOne’s presentation from Tony Printezis and Charlie Hunt GC Tuning In the HotSpot Java Virtual Machine. Charlie was meant to attend the event, but the week before found out he could not make it. As they recalled I was in the room at JavaOne and I’m quite familiar with the subject as we’re spending a lot of time trying the different options to tune the JVM to get the best performances out of OpenDS, they asked me to cover the talk. I think I’ve done a reasonable job, despite the density of information in the slides, and the simultaneous translation in Portuguese for the largest part of the crowd not so familiar with English.
Still on Friday, part of the exhibition floor was closed to the public as the Brazilian President, Lula Da Silva, was schedule to visit the event. Sun booth was very well positioned, on the border on the closed area and the crowd started to gather by the booth as President Lula arrived. The excitement was amazing. When the President reached by the OpenSolaris Brazil user group, he received an OpenSolaris cap and T-shirt from Vitorio Sassi, Sun employee and one of the leaders of the Brazilian OpenSolaris community.
Photo taken by Ludovic Poitou, June 26 2009.
On Saturday and last day of the FISL conference, I got to share a little bit more of the stage by answering a performance related question from the attendance on Bruno Souza’s session about the future of Java,with the exceptional presence of Javali, the mascote for the Javali user group.
Overall FISL has been an amazing experience. It is definitely the biggest open source I’ve participated to. Over 8200 registered visitors, from 27 different countries, more than 320 speakers for 354 presentations and a presidential visit. More than that, Brazilians are extremely nice, generous and happy to live. They made our stay in Porto Alegre something that I’ll remember for a long time. A special thanks to the main organizers: Bruno Souza and Eduardo Lima (here below with Simon Phipps)
I’ll definitely participate to the Call For Presentation next year, if evangelism of the OpenDS project is still one of my tasks for next year.
You can find all photos for the event in the FISL 10 picasa album.
OpenSSO Express 7 was announced earlier in April with a full support for OpenDS Standard Edition for storing users’ identity data.
Back in March, I pointed out Indira’s blog and the detailed how to guide for configuring OpenDS as the OpenSSO user store.
Recently, the official documentation appeared on the OpenSSO resource center. So if you want to use OpenDS as the OpenSSO User Repository, I encourage you to read and follow the steps detailed here: http://wikis.sun.com/display/OpenSSO/Using+OpenDS+as+a+User+Data+Store.
On the first week of May, I was in Munich for the European Identity Conference hosted by Kuppinger-Cole.
This was my first participation and I was delighted to meet with several of the experts in the area as well as some OpenDS customers or users, whom I’ve mostly "known" only through blogs or emails. I had discussions with Kim Cameron, Jackson Shaw and James McGovern. We shared tea with Felix Gaehtgens and Prateek Mishra. The conference was also the opportunity to talk with and listen to some of my Sun colleagues that I don’t get to see often like Fulup Ar Foll and Eve Maler. I must say that both of them did pretty interesting presentations.
Eve’s keynote on the first day of the conference brought the case for "permissioned data sharing" and was very well argued. It was the first time that I heard about User Centric identity and VRM tied together and even with a proposed solution.
On Wednesday, Fulup did a very thought provocative (and fast forward) presentation about Digital Identity in the cloud, where he explained the identity management concepts are inherited from a centralized vision of the world and they would not fit well with the cloud, nor scale to the internet. He proposes to look at how mobile operators are solving massive identity scale and to leverage existing SAML2 and Liberty defined services to build the "lazy" identity architecture.
On Thursday I was to take part of a panel discussion on the subject of "The Identity Bus" or the future of Directory Services (should I say Identity Services ?), moderated by Felix Gaehtgens. The panel was an opportunity to see again Steve Shoaff, CEO of Unboundid but previously my manager, and to meet both Dale Olds of Novell and Prateek Mishra of Oracle. I don’t know if we’ve been able to give a good idea of what this "Identity Bus" would look like, but it’s definitely "something" in between applications and the data layer, and will probably use a set of protocols like SAML2 and XACML. After the panel, James McGovern asked me when OpenDS will support IGF and CARML. Since both are abstractions and APIs for applications to express their need in term of identity related data, I don’t think they are appropriate for an LDAPv3 directory server. But I do see a layer on top of Virtual Directories or Directories that is able to consume those and translate them into appropriate functions.
Right after that Panel, Mark Craig was taking part on a panel discussion on Virtual Directories, along with Sampo Kellomäki of Symlabs, Michel Prompt of Radiant Logic and Keith Grayson of SAP.
On the Tuesday, Pat Patterson and Daniel Raskin hosted the second OpenSSO Community Day, and it was a great success, with over 50 attendees, a day packed of presentations with a very good balance of users and deployers talks vs Sun employees’ talks.
Like in New-York, I talked about OpenDS, its goals and roadmap and why it’s the perfect companion to OpenSSO as the Users identity store. Most of the presentations from the OpenSSO Community Day have been posted on the event wiki page. And if you could not make it to New-York or Munich, we’re having a 3rd OpenSSO / OpenDS / Identity Connectors Community Day in San Francisco on Sunday May 31st at the Moscone center, starting at 1pm. The event is free, but please RSVP. And I hope to see you there.
And congratulations to Pat, Daniel and the whole OpenSSO team, for the Fedlet, winner of the "Best Innovation Award".
Overall, I found the conference really good and interesting and it helped me to put back the work we’re doing in the Directory Services engineering team, in the larger picture of Identity management.
I’ll be in Munich from May 5th to May 7th first participating in the OpenSSO Community Day 2.0, representing the OpenDS team.
I will be also actively participating to this year’s Kuppinger Cole European Identity Conference since I will be talking, on May 7th, on a panel discussion on the future of directory and identity services titled “Building an Identity Bus for the Future“.
There are also several of my coworkers and experts in identity management that will be speaking. Check the list.
Please come and see us, and don’t forget to pay a visit to the Sun booth as well.
The OpenSSO and OpenDS communities will be gathering twice in the coming months.
In an “unconference” format, join us for a day or half-day of discussions and presentations with users, deployers and developers of our identity related open source projects.
If you haven’t done so, it is still time to register, but hurry up, there are few remaining seats.
And suggest your ideas, proposals for presentations on the OpenSSO Community Wiki page.
Note that OpenSSO Community Day attendees are eligible for a 20% discount on registration for the European Identity Conference. Quote discount code OPENSSO when registering.
May 31, 2009 in San Francisco, just before CommunityOne and JavaOne.
The third OpenSSO Community Day will be at the Moscone Center, San Francisco, CA, immediately before the CommunityOne West and JavaOne conferences.
Still in an ‘unconference’ format, the agenda includes all of Sun’s open source identity projects: OpenDS, OpenSSO and Identity Connectors. Suggest your ideas, proposal for presentations at http://wikis.sun.com/display/OpenSSO/OpenSSO+Community+Day+-+San+Francisco+-+May+31+2009.