A Norwegian startup is assuming responsibility for maintaining an open source web authentication technology originally developed by Sun Microsystems, and seemingly neglected by Oracle, which purchased Sun in January. The company, ForgeRock, has released a new version of Sun's Open Single Sign On (OpenSSO) Enterprise software, called OpenAM, that adheres to the OpenSSO roadmap established by Sun.
"It's a pretty easy migration path for all the customers who have found themselves stranded on OpenSSO. They can safely migrate to a current version," said Simon Phipps, chief strategy officer at ForgeRock, and former chief open source officer at Sun. Phipps was one of a number of employees who have joined ForgeRock since Oracle's purchase of Sun.
Oracle continues to display a page on its website for OpenSSO, though it has removed the free downloadable version of the product. The company has not made any announcements about future releases of the software, and did not respond to a request for comment.
Sun created OpenSSO in 2005 as an open source version of the Sun Java System Access Manager, licensing the software under the Common Development and Distribution Licence (CDDL). The software was designed for large transactional websites that require users to log in and keep accounts.
"This enterprise identity middleware was actually a big success at Sun. It was doing very well at competing with IBM, Oracle and CA," Phipps said. The company estimates that OpenSSO has a customer base in "the low four digits," said Allan Foster, who heads US operations for the company and is a former Sun support manager for OpenSSO.
"Pretty much every day we get an email from some company that was doing an evaluation of OpenSSO, and they want to move on to a pilot or even a full-production deployment, and they discovered that they can't buy a subscription to it, so they come to us," Phipps said.
Upgrading from OpenSSO Enterprise 8 to OpenAM version 9.5 should be a largely painless transition, Phipps promised. Those using the older version of OpenDS may have to do some work to upgrade to the newer version of that server but "on the whole, customers will find that this is a pretty seamless update," Phipps said.
While the software itself is open source, ForgeRock sells enterprise subscriptions for support and maintenance. At least one other company, OSSTech in Japan, is also working on and selling support for OpenAM. OpenAM is one component of ForgeRock's I3 enterprise platform, which also includes OpenESB (an enterprise service bus), OpenIdM (an identity access manager) and OpenPortal.
Last week, at the O'Reilly Open Source Conference (OSCON), Phipps gave a talk about how an open source project can survive after it loses corporate support. In addition to working with OpenAM, Phipps is also on the governing board for OpenSolaris, another open source software package inherited by Oracle whose future remains uncertain.
In the case of OpenSolaris, Phipps noted that there are portions of the operating systems that are not open source, and so assuming control of the software would be difficult for the OpenSolaris community, or another company. Another roadblock to OpenSolaris' survival outside of Oracle is that most of the engineers who worked on OpenSolaris were Sun Microsystems employees, and now are Oracle employees. Unless Oracle allows them to continue contributing to the code base, it is doubtful that enough outside expertise exists to keep maintaining and improving the OS.
In the case of OpenSSO, ForgeRock has hired a significant number of ex-Sun engineers who are familiar with the product. Most did not develop the software itself, but rather worked as customer support specialists who were highly knowledgeable with the code base, Phipps said.
"It's a pretty easy migration path for all the customers who have found themselves stranded on OpenSSO. They can safely migrate to a current version," said Simon Phipps, chief strategy officer at ForgeRock, and former chief open source officer at Sun. Phipps was one of a number of employees who have joined ForgeRock since Oracle's purchase of Sun.
Oracle continues to display a page on its website for OpenSSO, though it has removed the free downloadable version of the product. The company has not made any announcements about future releases of the software, and did not respond to a request for comment.
In February, ForgeRock issued its first release of OpenAM, the name was changed for trademark reasons, which was basically a snapshot of Sun OpenSSO Enterprise 8. OpenAM 9.5 is the first version that upgrades the software from the Sun version.
The software package includes a number of updates, including the ability to support version 2 of the Security Assertion Markup Language (SAML), a standard for exchanging authorisation information across different systems. It also includes a new monitoring framework, and a new version of the directory server, called OpenDS. Patches issued since the last release of OpenSSO have also been rolled into the new version, and various bugs have been fixed as well.Sun created OpenSSO in 2005 as an open source version of the Sun Java System Access Manager, licensing the software under the Common Development and Distribution Licence (CDDL). The software was designed for large transactional websites that require users to log in and keep accounts.
"This enterprise identity middleware was actually a big success at Sun. It was doing very well at competing with IBM, Oracle and CA," Phipps said. The company estimates that OpenSSO has a customer base in "the low four digits," said Allan Foster, who heads US operations for the company and is a former Sun support manager for OpenSSO.
"Pretty much every day we get an email from some company that was doing an evaluation of OpenSSO, and they want to move on to a pilot or even a full-production deployment, and they discovered that they can't buy a subscription to it, so they come to us," Phipps said.
Upgrading from OpenSSO Enterprise 8 to OpenAM version 9.5 should be a largely painless transition, Phipps promised. Those using the older version of OpenDS may have to do some work to upgrade to the newer version of that server but "on the whole, customers will find that this is a pretty seamless update," Phipps said.
While the software itself is open source, ForgeRock sells enterprise subscriptions for support and maintenance. At least one other company, OSSTech in Japan, is also working on and selling support for OpenAM. OpenAM is one component of ForgeRock's I3 enterprise platform, which also includes OpenESB (an enterprise service bus), OpenIdM (an identity access manager) and OpenPortal.
In the case of OpenSolaris, Phipps noted that there are portions of the operating systems that are not open source, and so assuming control of the software would be difficult for the OpenSolaris community, or another company. Another roadblock to OpenSolaris' survival outside of Oracle is that most of the engineers who worked on OpenSolaris were Sun Microsystems employees, and now are Oracle employees. Unless Oracle allows them to continue contributing to the code base, it is doubtful that enough outside expertise exists to keep maintaining and improving the OS.
In the case of OpenSSO, ForgeRock has hired a significant number of ex-Sun engineers who are familiar with the product. Most did not develop the software itself, but rather worked as customer support specialists who were highly knowledgeable with the code base, Phipps said.
After more than 18 months of development, Norway-based ForgeRock has announced the availability of version 9.5 of its OpenAM access management product. Discussing the announcement, ForgeRock chief strategy officer and former Chief Open Source Officer at Sun Microsystems Simon Phipps said, “This is an important milestone for the OpenAM community”, adding that, “This achievement marks the first fully community-sourced release of OpenAM. We’re very pleased that users of OpenSSO Enterprise 8 can easily and freely migrate to OpenAM 9.5 now that the updates have been made.”
OpenAM 9.5 features fine-grained authorisation based on XACML, a new monitoring framework and enhanced multi-platform support. Other changes include the addition of enterprise single sign-on, and various speed, reliability and performance enhancements. The underlying replication architecture has also received a number of changes, including updates to the federation implementation and use of the OpenDS 2.3 engine in the embedded configuration store.
OpenAM is based on Sun's OpenSSO product which Oracle have apparently abandoned. The open source authentication, authorisation, entitlement and federation product was rescued for the community by ForgeRock in February and renamed OpenAM for trademark reasons. OpenAM is complemented by a range of ForgeRock's other products: OpenESB, OpenIdM and OpenPortal (based on LifeRay).
More details about the release can be found in the official press release and in the release notes. OpenAM 9.5 is available to download from the ForgeRock downloads page.