When Oracle bought Sun, there were many unanswered questions about Sun's open-source portfolio of programs. Over a year later, we still don't know if OpenSolaris is going to have Oracle's support. But we do know that OpenSSO, an open-source access management and federation server platform, will live on as a product under the new open-source company ForgeRock.
ForgeRock is an ISV (independent software vendor) composed of former Sun business and technology experts. The company claims that it based its "business exclusively on open source products." The first of these is its I3 Open Platform. This identify management suite is built on top of several open-source programs including OpenAM, which is based on OpenSSO; OpenESB; OpenIdM; and OpenPortal, which is built on LifeRay.
According to Simon Phipps, former chief open source officer at Sun and, as of May 10th, a member of ForgeRock's board and the Norwegian company's chief strategy officer, ForgeRock's I3 Open Platform is an open, high-performance and unified platform addressing.
In an interview, Phipps told me that he thinks that ForgeRock is the first company to do a serious attempt at a "pure-play open source business. While Oracle own all the copyrights, ForgeRock will be selling subscriptions that give strong SLAs (Service Level Agreements) that meet the needs of people using access management." At the same time, "ForgeRock will be hiring developers to keep the code current, update it to keep it up to date with the latest operating system releases, and support for integration on latest applications."
The program, the core of which is under the CDDL (Common Development and Distribution License), will have, said Phipps, "No lock-in, no special versions, and no dual-license." This approach is already proving popular. According to Phipps, the three-month-old company already has 15 customers and more in the pipeline.
Oracle hasn't reacted yet to this effort by some of Sun's open-source exiles, but Phipps doesn't expect any trouble. "We don't compete really with Oracle. OpenSSO doesn't fit their business, which is why they are dropping it."
ForgeRock's real competition will be, to some extent, Microsoft with AD (Active Directory). But, Phipps said, "We feel we're targeting an under-served market segment that Sun had found but which Oracle think is too low-value to target." Specifically, "Companies building custom systems from open source and/or Java components or anything large needs centralized authentication."
In short, ForgeRock is an organized solution for companies that need serious authentication but don't want to have to fool with customized LDAP (Lightweight Directory Access Protocol). I like this plan a lot. While it targets a small niche, ForgeRock is the kind of program that if you do need it, you really need it badly. While you can cobble together similar solutions with other programs, AD and LDAP spring to mind, having a complete ready-to-go, open-source stack is a very attractive package.
In a broader scope, what ForgeRock is doing shows that other Sun open-source programs may yet live on even if Oracle isn't interested in supporting them. OpenSolaris supporters, in particular, should take note of this. An independent OpenSolaris effort may be what's required to keep the operating system alive since Oracle has no real fondness for OpenSolaris.