Archive for December, 2007

FAMTALK . . . Check it out!

Monday, December 31st, 2007

The Sales Engineering team and Product Engineering team at Sun recently launched a monthly podcast about Federated Access Manager (the next release of Access Manager and Federation Manager). It’s a great source to get a deep understanding of the product and its breadth of capabilities.
You can . . .
1. Listen at www.famtalk.org
2. Subscribe at iTunes . . .
3. Subscribe to the RSS feed
A big thanks to Terry, Tim, Pat and Steve for pulling this together. It’s outstanding!

Sun Beats Other Vendors in Liberty’s SAML 2.0 Interop

Tuesday, December 18th, 2007

Liberty Alliance just announced the results of their SAML 2.0 interoperability. Sun had the most comprehensive coverage of any vendor participating. Check out the results . . .

OpenSSO, SSOCircle & Google Apps

Monday, December 17th, 2007

I’ve participated in some interesting discussions over the past few months on federating with popular SaaS applications such as Google, Dopplr, WordPress or Twitter. Federated SSO offers organizations some very nice options for integrating top SaaS applications to create a best of breed internal infrastructure for employees.
Organizations should not have to worry about hosting their own blog servers, wikis, and calendars when they can simply federate with best of breed offerings and secure the identity accessing them. Rather than having to choose one vendor they should be able to choose from a smörgåsbord of SaaS apps to construct the infrastructure that best meets their need.
A great example of this is SSOCircle, which has put together a federated relationship with Google Apps using OpenSSO (the code base from which Sun’s Access Manager and Federation Manager are produced). Check out the screens below that show me signing up for SSOCircle and also generating a federated relationship with Google Apps. Very simple yet powerful example of federated SSO using SAML 2.0 single sign-on.
1. I go to SSOCircle and click the Login button on the left-hand side of the screen. (Note the beautiful OpenSSO logo prominently displayed on the page.)

2. I enter my SSOCircle credentials and click Log In.

3. I’m now logged in to SSOCircle and you can view my Google Apps email, which is an ssocircle.com email address.

4. I click the ssocircle email link and it logs me in directly to Google Apps, Google Docs or Google Calendar. Note the SSOCircle email address. Pretty funky.

A Bit of Holiday Cheer

Saturday, December 8th, 2007

OK. Lots of people ask me what a New York Jew does during the Christmas holiday in California. Quick answer is Chinese food and a movie, but this year my friend Steve decided to choreograph a bit of festive fun with our two little boys — Taro (my boy) and Owen (Steve’s boy). Taro is almost 11 months and is the one with the big smile. Click on the image and enjoy the show . . .

Identity Services for the Masses

Wednesday, December 5th, 2007

Last week Bavo De Ridder wrote a blog about OpenSSO Identity Services. Bavo reviewed two technical articles on the Sun Developer Network that demonstrate authentication and authorization identity services in OpenSSO. As a result of Bavo’s blog, I thought it would be useful to provide a bit more background on how we’re taking identity services to market and where we plan to go with this capability.
FOCUS ON THE DEVELOPER FIRST
A key goal of OpenSSO and Sun’s access/federation strategy is to make access management, federation, and web services security ubiquitous and accessible. Many access management and federation solutions target large enterprises only and require sophisticated technical knowledge when it comes to deployment and use. That said, there are many users out there that simply want basic authN, authZ and audit capabilities that are easy to use and just work.
The focus of our first release of identity services targets exactly that. Simply put, folks like Bavo De Ridder are not our target user. We are targeting the little guy. The developer that needs lightweight SSO, but doesn’t want to know a lot about access management and federation. Essentially, we’re focused on the developer in this first iteration.
BUILD IDENTITY SERVICES 2.0 WITH REAL CUSTOMERS
Now, do we want to enable more sophisticated identity services that leverage more advanced technologies and protocols? Yes, most definitely. Will we do this? Again, the answer is yes. That said, our first release of identity services targets the broadest set of users possible. We want developers, start-ups, and SMBs to have a low-tier option that they can leverage through the open source community. All of these capabilities will also be made available in Sun’s next release of Federated Access Manager and we are already working with our customers to define the next iteration, which will include many capabilities that Bavo outlined.
STAKE IN THE GROUND
Finally, we’ve put a stake in the ground. OpenSSO is already extremely robust and is the code base for Sun’s Federated Access Management solution, which is deployed in more than 1800 locations. It contains access management, federation and web services security in a single self-contained Java application. We’ve put a stake in the ground with identity services and have stated Sun’s commitment to driving innovation in this space with the help of our customers. Finally, we want to hear what you have to say, so I encourage more emails like Bavo’s. I also encourage folks to join OpenSSO and participate in shaping OpenSSO identity services. Build out extensions and check them in. Submit ideas. Test existing capabilities and identify bugs or enhancements.
’nuff said.