Re: ApacheCon Europe 2007

[Pat Patterson <pa...@superpat.com>]

Hi Ian,

You might want to take another look at OpenSSO - it's thriving! We completed
our first phase of code rollout in August -
https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4039 - all the
code required to build a working access control and single sign-on solution,
and followed it up with all the federation code in November -
https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4377 -
supporting SAML 1.x, Liberty ID-FF, ID-WSF and SAML 2.0. You can also find
our architecture docs here:
https://opensso.dev.java.net/servlets/ProjectDocumentList?folderID=4019&expandFolder=4019&folderID=4018

Not only are the mailing lists alive (take a look at monthly traffic on the
users@opensso list -
https://opensso.dev.java.net/servlets/SummarizeList?listName=users), we have
committers external to Sun and a web agency in the UK has already built a
solution on OpenSSO and deployed it into production -
http://blogs.sun.com/superpat/entry/audi_uk_using_opensso_to

So - vaporware? Anything but.

As far as OpenID goes, it's orthogonal to OpenSSO. OpenID is an
authentication protocol. OpenSSO is an access control/single
sign-on/federation server. As I mentioned above, OpenSSO already supports
the SAML and ID-FF protocols for cross-domain/federated authentication and
single sign-on, and we are adding WS-Federation soon
(http://blogs.sun.com/superpat/entry/development_in_the_open_opensso). In
fact, one of our committers is looking at adding OpenID support to OpenSSO
right now.

Sorry for the off-topic rambling, but I felt I had to correct the
inaccuracies.

Fair disclosure - I work at Sun. OpenSSO is my day job. So, I'm highly
biased, but, on the other hand, I do know what I'm talking about.

Cheers,

Pat
http://blogs.sun.com/superpat


Ian Kallen-2 wrote:
> 
> AFAICT, OpenSSO is vaporware; it's been months and Sun hasn't released 
> any specs or working code. OTOH OpenID works *now*. Technorati profiles 
> work as identities. For instance, Dave, you can log in to your 
> Technorati account and then use your logged-in status to authenticate on 
> zooomr.com, ma.gnolia.com or wikitravel.com (or any service supporting 
> OpenID 1.1, AFAIK) using http://technorati.com/profile/snoopdave. And 
> blogging platforms that supply URL based identities with OpenID can 
> seamlessly claim their blogs on Technorati (try it: claim a Vox or 
> LiveJournal blog). I'm not sure of the state of the java OpenID 
> implementations, anyone interested in developing comment authentication 
> with OpenID (which I think would be *great*, I hate identity silo 
> proliferation and capthas), I can introduce to the folks at JanRain, 
> they have a lot of working code that's live out in the wild.
> -Ian
> 
> Matt Raible wrote:
>> What about OpenSSO?  I found this discussion, but nothing comparing
>> OpenSSO with OpenID.
>>
>> http://blogs.sun.com/superpat/entry/opensso_it_s_alive_alive
>>
>> Matt
>>
>>
>> On 12/27/06, Dave <sn...@gmail.com> wrote:
>>> Foo. I hit the send button too soon.
>>>
>>> That's a great idea for a talk and I don't think the title is too bad,
>>> it's nice and descriptive. Another SSO option worthy of exploration is
>>> OpenID.
>>>
>>> - Dave
>>>
>>>
>>>
>>> On 12/27/06, Dave <sn...@gmail.com> wrote:
>>> > I'm also planning on submitting papers to ApacheCon EU 2007.
>>> >
>>> > - Dave
>>> >
>>> >
>>> >
>>> > On 12/27/06, Matt Raible <mr...@gmail.com> wrote:
>>> > > Roller Developers,
>>> > >
>>> > > I just thought I'd let y'all know that I'm going to try to speak at
>>> > > ApacheCon 2007 Europe.  I submitted a few proposals this morning,
>>> > > including the following 1/2 day tutorial for Roller and Acegi
>>> > > Security:
>>> > >
>>> > > <abstract>
>>> > > Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi 
>>> Security
>>> > > 
>>> -------------------------------------------------------------------------------- 
>>>
>>> > > Acegi Security is quickly becoming a widely respected security
>>> > > framework for Java applications. Not only does this security 
>>> framework
>>> > > solve many of the deficiencies of J2EE's security mechanisms, but 
>>> it's
>>> > > also easy to implement and configure. This tutorial will help you
>>> > > learn more about Acegi Security, as well as how to integrate it into
>>> > > your web applications. The Roller Weblogger project (currently in
>>> > > Apache's incubator) uses Acegi Security for many of its features:
>>> > > authentication, password encryption, remember me and SSL switching.
>>> > > After learning about Roller and Acegi, you will see how to deploy
>>> > > Roller onto Tomcat and Geronimo. Following that, you will learn 
>>> how to
>>> > > hook Roller/Acegi into Apache Directory Server for authentication.
>>> > > Finally, you will learn how to integrate Roller with a Single 
>>> Sign-on
>>> > > System (Yale's Central Authentication Service -
>>> > > http://www.ja-sig.org/products/cas).
>>> > >
>>> > > Proposed Agenda:
>>> > > Hour 1: Introduction to Acegi Security
>>> > > Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
>>> > > Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
>>> > > </abstract>
>>> > >
>>> > > I'm interested in finding a flashier title, in case anyone has
>>> > > suggestions.  Is anyone else planning on attending and/or 
>>> presenting?
>>> > > If we have 2+ committers there, we should consider organizing a BOF.
>>> > >
>>> > > Hope everyone is having a good holiday break!
>>> > >
>>> > > Matt
>>> > >
>>> > > --
>>> > > http://raibledesigns.com
>>> > >
>>> >
>>>
>>
>>
> 
> 
> -- 
> Ian Kallen || Architect, Technorati Inc. || m: 415.505.5208
> blog@ http://www.arachna.com/roller/page/spidaman
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/ApacheCon-Europe-2007-tf2887190s12275.html#a8307391
Sent from the Roller - Dev mailing list archive at Nabble.com.