LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Weekly Edition

Return to the Press page

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Sun releases open source single-sign-on code (NewsForge)

[Posted August 29, 2006 by ris]

NewsForge reports that Sun has released the source code to OpenSSO (Open Web Single Sign-On), an identity management system. "OpenSSO is based on Sun's proprietary Java System Access Manager, and is distributed under Sun's Common Development and Distribution License (CDDL). CDDL is OSI-approved, but is not GPL-compatible."
(Log in to post comments)

Sun releases open source single-sign-on code (NewsForge)

Posted Aug 29, 2006 23:12 UTC (Tue) by bronson (subscriber, #4806) [Link]

Dead cat bounce?

I thought the centralized ID schemes that were so popular back in 2001-2002 had mostly died out. Even the name ("Open$acronym") is antiquated.

Who are they targeting with this software? It seems to require a heavyweight Java-based backend and a lot of faith in Sun. Not many people with that nowadays. :)

I'm hoping OpenID proves useful. It seems great in theory but I haven't had a chance to really give it a good look yet.

Sun releases open source single-sign-on code (NewsForge)

Posted Aug 30, 2006 7:50 UTC (Wed) by dune73 (subscriber, #17225) [Link]

There is a market for this. I know a small segment of the enterprise market and they use expensive, higly proprietary, sometimes custom built single-sign solutions. Sold by highly skilled vendors ...

If you can link the extranet/intranet application to the enterprise active directory or some sort of alternative (if you are in such a happy position, where you have an alternative) and if you are able to do so without requiring the user to enter a password at a login screen of the application. Then you are quite popular with users and the management alike.

I have not looked into this openSSO enough. But j2ee on the reverse proxy would be a nuissance. On a dedicated login server and the application server, it could be accepted.

Sun releases open source single-sign-on code (NewsForge)

Posted Aug 30, 2006 18:56 UTC (Wed) by josh_stern (guest, #4868) [Link]

Basic single sign on is useful to some big organizations. For example, suppose you have sales guys traveling a lot and updating info relevant to forecasting from remote locations.

In the example above, there is a basic use-oriented security context for the sign on and presumably more graded levels of priviledge in the database itself. But in higher security environments, it might ultimately be a good idea to attach a dimension representing the quality of the sign on to a session - e.g. using a cryptographic dongle on site is a lot more secure than using a password over the web. Because Java has pluggable built-in security management at an operational level in the JVM, it's possible that an enterprise could implement some scheme like that work without the cost and complexity nightmare of trying to make it visible at the application level. Not sure if the features and speed for this are ready for this or not yet, but it's an idea that could be closer with Java than with other application platforms.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds