Identity Matters

The ramblings of Jonathan Scudder

Browsing Posts tagged OpenSSO

Norway is in a nice place when it comes to national identity federation. Aside from having the will to make it work, there are the very practical advantages of a unique national identifier and a trusting population to match. The child of these factors was a project called “MyID” that provided citizens with an authentication solution based on reusable pin codes and federating according to the SAML2 standard.

Since its inception the solution has developed; or rather its goal has moved and the system has adapted. Back in the day, MyID was created to meet a specific need: authentication for the service aggregation portal “MyPage” that would support magic links (read: single sign on with aggregated services). Today, MyID has been superseded by ID-Porten, which wraps the original pin code solution in a solution that also offers other authentication methods from smart-card based identity providers as of version 2.0, and that provides authentication for over 180 public service providers.

My personal satisfaction comes from seeing a national federation solution succeed so grandly; the majority of the Norwegian population over 13 use MyID/ID-Porten when interacting with the government! And did I mention that it is running on some fantastic open source access management software? :-)

PS: I mentioned the Norwegian national identifier as a practical advantage, but didn’t claim that this was the right way to do it. Certainly the direction has to be away from using a single identifier even if it does make life easier, and thankfully this is where I understand ID-Porten to be headed.

Names come in all forms and sizes; official and informal, first, middle and last, identifiers and labels. And here is a new type of name: the ForgeRock name.

As Joe Brockmeier discussed in a blog entry last year, Open Source does not normally say anything about the trademarks that may apply to the software. The current situation in Sun-Oracle may leave a number of Open Source projects out in the cold – and when crunch time comes (is it here already?) then this may be a hot issue.

As Oracle recently removed all open downloads from opensso.org, ForgeRock are the new home of binary downloads for the OpenSSO community, providing essentially the same compiled code as before. Except for the name.

So – OpenAM is the new OpenSSO. Remember the name next time you need a build :-)

One month has passed since Oracle completed their takeover of Sun. That month began with announcements of which products would be “strategic”, and a new company called ForgeRock was born. Relative quiet ensued as Oracle and Sun apparently got down to the internal nuts and bolts of merging two organizations. It looks like the time has now come for Oracle to put their Open Source strategy into practice.

On February 24th, the OpenSSO Express builds were removed from opensso.org and the only remaining OpenSSO Enterprise download links to a protected page that requires a support contract with Oracle. At about the same time, the product roadmap on the same site was deleted entirely. Reports about this have started appearing in the media over the last few days, like here and here.

It is too early to draw conclusions, but if this is indicating a future direction then it does not bode well for the community. I don’t believe you can seriously run an Open Source project without providing any binaries. A member of the community who wants to get involved on opensso.org now faces a long series of tasks to check out the source code, set up their build environment and compile the binaries themselves – all this instead of the simple binary download before.

ForgeRock is stepping up to the plate here and providing OpenAM binaries built from the OpenSSO code (the product name is a potential issue so we are using different names), but this still does not change that the steps Oracle have taken over the last few days are in my opinion aimed at stifling the community rather than allowing it to continue to thrive.

Everything starts somewhere, and this blog is starting for a reason. We at ForgeRock have recently launched our business and have a lot to say – this blog is one of those ways :-)

So I can start off by saying that the purchase of Sun by Oracle took a long time but was finally completed on January 27th. As you will see from www.forgerock.com, ForgeRock has its roots in the software side of Sun, with almost all our employees having a background from Sun. Naturally we have been interested to see how the takeover would play out, especially with regards to Sun’s open source strategy. Oracle has made several statements about the direction they will be taking including these webcasts.

One of the open source products we are particularly involved in is OpenSSO – a fully-featured, enterprise-class product for authentication, authorization, federation and much more. Oracle has said that OpenSSO will continue as an open source project but that Oracle Access Manager will be their strategic product for web single sign-on, and Oracle Federated Identity Manager for federated single sign-on.

What does the “strategic” product choice mean in practice? Nishant Kaushik (architect for Identity Management products at Oracle) in his blog answers like this:

“Strategic” means that this is the product that we will be innovating and developing new features for.

So according to this Oracle will not be innovating and developing new features for OpenSSO, but still hosting the open source project. This can also be seen on the employee side of Oracle where key players from the OpenSSO team are apparently either no longer working there or have been transferred to other teams.

What is the next step for OpenSSO then?

ForgeRock
