August 29, 2006

Sun releases open source single-sign-on code

Author: Nathan Willis

Sun has officially released the source code to an identity management system under an open source license. Dubbed OpenSSO (Open Web Single Sign-On), the product is a suite of tools on which enterprises can build a unified authentication and session management framework to link disparate Web-based and Java-based applications.

OpenSSO is based on Sun's proprietary Java System Access Manager, and is distributed under Sun's Common Development and Distribution License (CDDL). CDDL is OSI-approved, but is not GPL-compatible.

The software requires a J2EE application server, but it has been pared down from its proprietary ancestor for the sake of portability. Much like its OpenOffice/StarOffice strategy, Sun plans to continue offering Access Manager as a commercial product. The current OpenSSO build is derived from Access Manager 7.0, and is available through public CVS. Sun has established a governance structure through which changes to the code are to be discussed and debated.

In order to actually commit changes to the code, however, developers must sign a contributer agreement assigning copyright to Sun, and granting Sun perpetual, irrevocable, royalty-free license to patented technology included in any commits.

At present, the OpenSSO code allows organizations to deploy a unified identity- and access-management system within a single domain. Thus users can access multiple services without having to log in to each separately. But the project's roadmap includes the ability to implement a single sign-on shared between multiple, independent vendors -- a capability known as federated identity.

Sun is the initial organizer of the Liberty Alliance, a consortium founded in 2001 partly in reaction to Microsoft's Passport. The Liberty Alliance exists to draft and promote public standards for digital identity management, including, among other things, federated identity. Its key specifications are the Identity Federation Framework (ID-FF) and the Identity Web Services Framework (ID-WSF).


  • News
Click Here!