Sun to expand open-source moves into secure ID arena

IDG News Service - Sun Microsystems Inc. plans to open-source its Web site authentication and single-sign-on technologies through its newly created Open Source Web Single Sign-On (OpenSSO) project, the company announced today. Sun hopes that the move will encourage Java developers to build more secure applications featuring identity management, according to a company executive.
"It's a way to move the market forward and fundamentally change the conversation people are having" to be less about identity management application suites and more about identity management services, said Eric Leach, Sun's director of product management for identity management. "To date, they have been arguing about the length and width of the railroad ties instead of laying down tracks and getting the trains running."
Sun also intends to release the source code for agents to connect the Web site authentication and Web SSO technologies with its Java System Web Server and Java System Application Server, Leach said.
The company will take all three pieces of source code -- authentication, single sign-on and agents -- into the open-source world following the release of Version 7.0 of its Java System Access Manager security software in the fall, Leach said. Read-only source code will be available at the start of 2006, he said, with Sun offering the full source code under the Common Development and Distribution License (CDDL) shortly afterward.
Sun will host an OpenSSO community Web site on its Java.net Web site at http://opensso.dev.java.net/, Leach said. The site will provide developers with information, including road maps, sample code, documentation and tutorials.
John Loiacono, executive vice president of Sun's software group, made the OpenSSO announcement during a speech at the Burton Group's Catalyst Conference in San Diego.
The move marks Sun's third major foray into open-sourcing its software. Last month, at the JavaOne conference in San Francisco, Sun announced plans to open-source both its Java System Application Server Platform Edition and its Java Business Integration specification under the CDDL. Back in January, the company released OpenSolaris, an open-source version of its operating system, also under the CDDL.
Earl Perkins, an analyst at Gartner Inc., sees Sun's move as a way to get more exposure for its software, which hasn't been widely adopted by corporations. "It's a way of bringing it into the light for consideration by enterprises," he said.
Sun's Leach doesn't deny that. "I certainly hope that's one of the effects," he said.
Today's identity and access management market is dominated by Computer Associates International Inc.'s Netegrity SiteMinder and RSA Security Inc.'s ClearTrust, Perkins said. Other strong products include IBM's

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.