2. OpenSSO Enterprise
Buy one solution to solve ALL of your SSO problems
Web access management, Federation, and Secure Web services
2
3. OpenSSO Enterprise Model
●
Purchase an OpenSSO
Enterprise perpetual license
(formerly Access Manager),
Sun Identity Management
Suite subscription or Java
Enterprise System
subscription
●
Receive Support and
indemnification on OpenSSO
commercial builds and
Express builds.
● Customers choose whichever
builds works best for them!
3
4. OpenSSO Enterprise Options
• OpenSSO Express Build
> A community build that has undergone extensive
automated testing and moderate manual testing by Sun
Quality Assurance Engineering Team.
> Delivered every 3 months
• OpenSSO Commercial Build
> A community build that has undergone extensive manual
and automated testing by Sun Quality Assurance
Engineering Team.
> Delivered every 12 – 15 months
4
5. Solution: OpenSSO Web Access Management
Three Tough Challenges. One Powerful Solution.
• Centralized server configuration
• Centralized agent configuration
• Agent and proxy modes
• AAA Identity Services
• Embedded directory server for user store and policy store
• XACML support for standards-based policy management
• Consumes and translates 3rd party tokens from all major
WAM solutions
5
6. Solution: OpenSSO Federation
Three Tough Challenges. One Powerful Solution.
• The Fedlet, 8.5MB package that allows service providers to
create fully configured trust networks based SAML 2 in minutes
• Multi-protocol Federation Hub, easily federate with any company
regardless of what “federation language” they speak
• Virtual Federation Proxy, incorporate any number of legacy
authentications with a single instance of OpenSSO
• Supports all major standards including SAML, WS-Federation,
Liberty ID-FF, WS-Trust, WS-Security, and WS-Policy
• Consumes and translates 3rd party tokens from all major WAM
solutions
6
7. Solution: OpenSSO Secure Web Services
Three Tough Challenges. One Powerful Solution.
• Only standards-based solution in the world to provide a
pluggable, end-to-end secure web-services solution
• Out -of-box tooling by Netbeans and Glassfish
• SecurityToken Service that can be deployed as an
Integrated, or standalone, solution
• Security Token Service that can handle token issuance,
validation and translation via WS-Trust
• Policy enforcement point plugins for Weblogic, WebSphere,
Tomcat and JBOSS
7
8. Bonus: Entitlement Management
• Ability to protect resources and objects within them
> Generic policy engine
> Policy Decision Point
> Policy Management Point
> Identity Web Services to invoke Authorization
> Supports Java, C, REST, SOAP and XACML
8
9. Sun is Positioned in the Leaders Quadrant
Gartner Magic Quadrant for Web Access Management, Ray Wagner, Earl Perkins, Perry Carpenter, 10 November 2008
The Magic Quadrant is copyrighted 10 November 2008 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts
Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not
advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action Gartner disclaims all
warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Magic Quadrant graphic was published by Gartner, Inc., as part of a larger
research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Sun Microsystems.
9
11. Carrier-Grade Monitoring (Q1 2009)
• Working with key Telco companies to develop
carrier-grade monitoring in OpenSSO
• Will provide server level monitoring and
management across entire OpenSSO Enterprise
deployment
> Test agents to ensure they are responding to client
requests.
> Real-time of view of OpenSSO Deployment
> Quickly identify and address problems
• Integrates with 3rd party monitoring and reporting
tools
11
12. More Ease-of-Use Task Flows (Q1 / Q2 2009)
• Protect a Resource Flow
• Create a Realm Flow
• Configure / Deploy and Agent Flow
• Configure an Authentication Store
• Configure an Instance
• Select an Admin for a Realm
12
13. SaaS Federation Task Flows (Q1 / Q2 2009)
• Provide simple task flows for configuring federated
SSO with popular SaaS services
• Focus on standards-based services rather than
proprietary
13
14. Entitlement Management (Spring 2009)
• Extend OpenSSO to solve access management,
federation, secure web services and
ENTITLEMENT MANAGEMENT.
> Policy Engine Benchmark – Millions of policies
> Killer Policy Management User interface
> Build as reusable composite service for RM and IM
> Policy attestation and entitlements warehouse
• 3 +1 = 4 Tough Challenges. One powerful solution.
14
15. Entitlement Management (Spring 2009)
Composite, Reusable Service
• Easily embed policy management point and policy
decision point as a composite, reusable service in
Identity Manager, Role Manager, 3rd party
application.
• Allows for a single policy store and common user
experience
• Invoke EM web services using IDE of choice
15
17. Free Training Labs
• Five downloadable, self-paced labs
> deploy two Apache Tomcat servers
> SSL-enable them
> install a software load balancer
> install OpenSSO into the environment
> configure for session failover
• Includes virtual image containing
OpenSolaris, Glassfish, OpenSSO
and OpenDS
> Fast forward or rewind image using ZFS
• Go to OpenSSO.org and click on
Training
17
18. OpenSSO Community
• In less than 2 years...
> 750+ project members at
opensso.org
> ~15 external committers
• Production deployments
> www.audi.co.uk
250,000 customer profiles
> openid.sun.com
OpenID for Sun employees
> telenet.be
Foundation for fine-grained
authorization
18
