opensso roadmap aquarium
DESCRIPTION
Roadmap for OpenSSO. Presentation at TheAquarium OnlineTRANSCRIPT
2
What's Next
• More Ease-of-Use Task Flows
• Mobile One Time Password.
• Reverse Proxy with Password Replay.
• Carrier-Grade Monitoring
• Entitlement Enforcement
• Fedlet for .NET
• Embedded Glassfish Container
3
More Ease-of-Use Task Flows (Q1 / Q2 2009)
• Protect a Resource Flow
• Create a Realm Flow
• Configure / Deploy and Agent Flow
• Configure an Authentication Store
• Configure an Instance
• Select an Admin for a Realm
4
SaaS Federation Task Flows (Q2 2009)
• Provide simple task flows for configuring federated SSO with popular SaaS services• Focus on standards-based services rather than
proprietary
5
Carrier grade monitoring
• Server level monitoring and management across entire OpenSSO deployment> Test agents to ensure they are responding to client
requests.> Real-time of view of OpenSSO Deployment> Quickly identify and address problems on Server side
and client side.
• Integrates with 3rd party monitoring and reporting tools.(OpenView, Unicenter, OpenNMS, Zenoss).• Basic monitoring data viewer and graphing.
6
Reverse Proxy Agent
• 100% pure Java• Standards compliant reverse proxy.• Standard war file deployment• Transparent authentication.• Session loss recognition and re-authentication• Dispatch via regular expressions.• Central management of access control policies.• Policies are enforced by standard policy agent.
7
OTP - One Time Password (Q4 2009)
• Based on OATH reference architecture.• Support for HOTP & TOTP specification.• Supports either 6 digits or 8 digits.• Configurable validity for an OTP password.• Support for both email and OTP password.• Will be used in conjunction with other authentication
modules.
8
Entitlement Enforcement (Spring 2009)
• Extend OpenSSO to solve access management, federation, secure web services and ENTITLEMENT ENFORCEMENT.
> Policy Engine Benchmark – A million policies.> Killer Policy Management User interface> Build as reusable composite service for RM and IM.> XACML enhancements.
– XACML Policy Definition Language.– Support for XACML Import / Export.
• 3 +1 = 4 SSO Problems. One powerful solution.
9
Fedlet (.NET)Problem• How do I federation enable an online
business partner (Service Provider) without it having to deploy and manage a full fledged heavy weight Federation solution?
OpenSSO Fedlet• A lightweight service provider
implementation of SAML protocol which can be deployed on a Java EE container.
• Can be easily embedded in a Service Provider application enabling it to communicate with an Identity Provider using SAML.
Benefits• Greater ROI on existing investments (e.g.
hardware)
• Simple to deploy and embed an SP application.
• Ideal for scenarios where SSO with IDP and retrieval of user attributes is the requirement.
Fedlet – The lightest and fastest way to federate.
10
OpenSSO Enterprise 8.1
OpenSSO Enterprise Roadmap
11
More Information• OpenSSO Wiki
http://wiki.opensso.org/
• OpenSSO Projecthttp://www.opensso.org
• OpenSSO Enterprisehttp://www.sun.com/opensso
12
Thank You.
12