Though it’s likely soon to become part of Oracle, Sun is still rolling out new product releases. Today, Sun announced new open source identity federation capabilities with openSSO, as well as integrated MySQL capabilities for identity management.
Managing identity and access in an increasingly globally distributed environment is no easy task, but with the new releases, Sun (NASDAQ: JAVA) is aiming to make it easier. The enhancements for its identity business include giving openSSO — the “SSO” stands for “single sign-on” — new abilities to interoperate with Google Apps Premier Edition as well as providing Sun’s users with more deployment opportunity choices.
Sun’s identity announcements had already been in progress prior to the announcement of Oracle’s (NASDAQ: ORCL) acquisition. Oracle has its own identity management and federation products and it’s unclear at this point what Oracle has in store once it completes the acquisition of Sun later this year.
In the meantime, Sun is pushing forward with its plans on identity. OpenSSO is an open source product that enables Web access management, handling single sign-on and authorization. One of its key feature is federation, which is a standards-based single-sign approach for apps outside the boundaries of an organization.
“We’re now using openSSO to extend the capabilities of an organization to include SaaS application within their single sign-on network,” Daniel Raskin, Sun’s chief identity strategist, told InternetNews.com. “That means that, for example, an employee could long onto Sun portal, click on Google Mail and using their own enterprise credentials they get access using federation technology.”
Raskin explained that the federation capability makes use of the SAML
The new federation capability is not the result of a partnership with Google. Rather Raskin noted that Sun is making use of published Google specifications and APIs.
“The secret sauce for us is not so much about communicating with Google, but in providing a very simple workflow for someone to get it up and running quickly,” Raskin said.
He added that the Google federation is the first of many easy flows that Sun is planning. Future federation capabilities noted by Raskin might include Microsoft online services and Salesforce.com
While openSSO is available as a freely available open source product, Sun also sells a commercially supported version. Raskin does not expect that just because openSSO is available for free that enterprises won’t buy the commercial version. The commercial version includes support which Raskin argued is something that is critical in identity management.
“One reason why we put it out as open source is because web access management by its very nature gets very complex,” Raskin explained. “With something like Google Apps federation, if I can provide that through open source and provide people with a starter kit to get them up and running, they’ve essentially made a platform decision about federation.”
Sun is also expanding the availability of openSSO with the Amazon EC2 cloud service. Sun’s Glassfish middleware server is also going to be available on EC2 as part of an expanded cloud offering from Sun. Sun already makes MySQL and Solaris available on EC2. Raskin explained that by being on EC2 it makes it easier for Sun partners to test out technology without the need to have their own infrastructure.
Sun is now making its identity portfolio of product interoperable with MySQL, an an important step for MySQL, which can now work with every product in the Sun identity stack.
As a result of the latest developments, Sun’s Identity Manager can now use MySQL as a configuration store, the Role manager can use MySQL as an entitlement warehouse and openSSO can now use it as an identity repository, Raskin said.
For Sun, the effort to get MySQL integrated with its identity portfolio was mostly on the identity side, creating connectors and agents for MySQL connectivity.
“The new thing here is the choice,” Raskin said. “The story is that enterprises now have a choice of traditional directory, embedded directory or a relational database.”