Hi Ian,

You might want to take another look at OpenSSO - it's thriving! We completed our first phase of code rollout in August - https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4039 - all the code required to build a working access control and single sign-on solution, and followed it up with all the federation code in November - https://opensso.dev.java.net/servlets/NewsItemView?newsItemID=4377 - supporting SAML 1.x, Liberty ID-FF, ID-WSF and SAML 2.0.

You can also find our architecture docs here: https://opensso.dev.java.net/servlets/ProjectDocumentList?folderID=4019&expandFolder=4019&folderID=4018

Not only are the mailing lists alive (take a look at monthly traffic on the [EMAIL PROTECTED] list - https://opensso.dev.java.net/servlets/SummarizeList?listName=users), we have committers external to Sun and a web agency in the UK has already built a solution on OpenSSO and deployed it into production - http://blogs.sun.com/superpat/entry/audi_uk_using_opensso_to

So - vaporware? Anything but.

As far as OpenID goes, it's orthogonal to OpenSSO. OpenID is an authentication protocol. OpenSSO is an access control/single sign-on/federation server. As I mentioned above, OpenSSO already supports the SAML and ID-FF protocols for cross-domain/federated authentication and single sign-on, and we are adding WS-Federation soon (http://blogs.sun.com/superpat/entry/development_in_the_open_opensso). In fact, one of our committers is looking at adding OpenID support to OpenSSO right now.

Sorry for the off-topic rambling, but I felt I had to correct the inaccuracies.

Fair disclosure - I work at Sun. OpenSSO is my day job. So, I'm highly biased, but, on the other hand, I do know what I'm talking about.

Cheers,

Pat
http://blogs.sun.com/superpat

Ian Kallen-2 wrote:
>
> AFAICT, OpenSSO is vaporware; it's been months and Sun hasn't released
> any specs or working code. OTOH OpenID works *now*. Technorati profiles
> work as identities. For instance, Dave, you can log in to your
> Technorati account and then use your logged-in status to authenticate on
> zooomr.com, ma.gnolia.com or wikitravel.com (or any service supporting
> OpenID 1.1, AFAIK) using http://technorati.com/profile/snoopdave. And
> blogging platforms that supply URL based identities with OpenID can
> seamlessly claim their blogs on Technorati (try it: claim a Vox or
> LiveJournal blog).
> I'm not sure of the state of the java OpenID
> implementations, anyone interested in developing comment authentication
> with OpenID (which I think would be *great*, I hate identity silo
> proliferation and captchas), I can introduce to the folks at JanRain,
> they have a lot of working code that's live out in the wild.
> -Ian
>
> Matt Raible wrote:
>> What about OpenSSO? I found this discussion, but nothing comparing
>> OpenSSO with OpenID.
>>
>> http://blogs.sun.com/superpat/entry/opensso_it_s_alive_alive
>>
>> Matt
>>
>> On 12/27/06, Dave <[EMAIL PROTECTED]> wrote:
>>> Foo. I hit the send button too soon.
>>>
>>> That's a great idea for a talk and I don't think the title is too bad,
>>> it's nice and descriptive. Another SSO option worthy of exploration is
>>> OpenID.
>>>
>>> - Dave
>>>
>>> On 12/27/06, Dave <[EMAIL PROTECTED]> wrote:
>>> > I'm also planning on submitting papers to ApacheCon EU 2007.
>>> >
>>> > - Dave
>>> >
>>> > On 12/27/06, Matt Raible <[EMAIL PROTECTED]> wrote:
>>> > > Roller Developers,
>>> > >
>>> > > I just thought I'd let y'all know that I'm going to try to speak at
>>> > > ApacheCon 2007 Europe. I submitted a few proposals this morning,
>>> > > including the following 1/2 day tutorial for Roller and Acegi
>>> > > Security:
>>> > >
>>> > > <abstract>
>>> > > Security and Single Sign-on: Roller, Geronimo/LDAP, and Acegi Security
>>> > > --------------------------------------------------------------------------------
>>> > >
>>> > > Acegi Security is quickly becoming a widely respected security
>>> > > framework for Java applications. Not only does this security framework
>>> > > solve many of the deficiencies of J2EE's security mechanisms, but it's
>>> > > also easy to implement and configure. This tutorial will help you
>>> > > learn more about Acegi Security, as well as how to integrate it into
>>> > > your web applications.
>>> > > The Roller Weblogger project (currently in
>>> > > Apache's incubator) uses Acegi Security for many of its features:
>>> > > authentication, password encryption, remember me and SSL switching.
>>> > > After learning about Roller and Acegi, you will see how to deploy
>>> > > Roller onto Tomcat and Geronimo. Following that, you will learn how to
>>> > > hook Roller/Acegi into Apache Directory Server for authentication.
>>> > > Finally, you will learn how to integrate Roller with a Single Sign-on
>>> > > System (Yale's Central Authentication Service -
>>> > > http://www.ja-sig.org/products/cas).
>>> > >
>>> > > Proposed Agenda:
>>> > > Hour 1: Introduction to Acegi Security
>>> > > Hour 2: Introduction to Roller, Installing on Tomcat and Geronimo
>>> > > Hour 3: Integrating Roller with LDAP (Apache DS) and CAS
>>> > > </abstract>
>>> > >
>>> > > I'm interested in finding a flashier title, in case anyone has
>>> > > suggestions. Is anyone else planning on attending and/or presenting?
>>> > > If we have 2+ committers there, we should consider organizing a BOF.
>>> > >
>>> > > Hope everyone is having a good holiday break!
>>> > >
>>> > > Matt
>>> > >
>>> > > --
>>> > > http://raibledesigns.com
>>> > >
>>> >
>>>
>>
>
> --
> Ian Kallen || Architect, Technorati Inc. || m: 415.505.5208
> blog@ http://www.arachna.com/roller/page/spidaman

--
View this message in context: http://www.nabble.com/ApacheCon-Europe-2007-tf2887190s12275.html#a8307391
Sent from the Roller - Dev mailing list archive at Nabble.com.
