Towards an Open Identity Infrastructure with OpenSSO

Even though the OpenSSO project achieved its first commercial release with Sun OpenSSO Enterprise 8.0 in November 2008, the open source community around the project has become even more important than ever. The past year has seen the OpenSSO’s community double in size, with new community-driven extensions for integrating with technologies such as Spring Security, Atlassian Seraph (the security system behind Jira and Confluence), JA-SIG CAS and more. Now that OpenSSO fully supports OpenDS as an identity store, it is now possible to deploy a complete identity infrastructure using open source software. Come to this session and learn how OpenSSO can integrate systems as diverse as SugarCRM, Google Apps and Active Directory.

• Conférence web site (here)
• Presentation download (here)

European Identity Conference (EIC) is the place to meet with enterprise technologists, thought leaders and experts to learn about, discuss and shape the market in most significant technology topics such as Identity Management, Governance, Risk Management and Compliance (GRC) and Service Oriented Architecture (SOA). With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe.

Moving Digital Identity to the Cloud: a Fundamental Shift in Rethinking the Enterprise Collaborative Model.

Conférence official website (here)  slides (here) Interview (here)

Abstract:  In light of current technologies most businesses of today tend to abandon their legacy centralised organisation for some form of a distributed model. As a result, the hard identity border that was present in enterprises (customers/patterns/employees) or in governments (citizens, foreigners, residents) has moved from what used to be a clear and strong separation wall, into some form of a wide and foggy zone.

While it is still very popular to discuss and promote Identity: compliance, roles, certification, provisioning... it is quite amusing to notice that most of those concepts were inherited from a very centralised vision or the world. As a result most previous Identity concepts do not fit very well within a distributed model, especially when the model needs to scale at Internet speed.

                         Authentification – Autorisation – Fédération

                               Se diriger dans la jungle de l'identité.

Ces derniers mois nous avons vu passer une avalanche d'annonces relatives à la gestion d'identité
pour les authentifications et autorisations des services web. Comme toutes ces initiatives surfent sur
la même vague, et abusent des termes à la mode tel que: fédération, identité centrique, identité-2.0,
web-services identifiés, etc. Les généralistes ont de plus en plus de difficultés à conserver une
vision fonctionnelle de haut niveau propre à la prise de décision quant au choix de l'une ou l'autre
des technologies.
Cette présentation à pour but d'aider un public non expert tel que les chefs de projets, directeurs de
services, architectes à comprendre les fondamentaux des différents modèles de gestion d'identités et
leurs implications sur les contrôles d'accès, la sécurité ou la protection de la vie privée.
Le but est de fournir aux auditeurs suffisamment de connaissances générales pour qu'ils puissent se
diriger dans la jungle de l'identité. Leur fournissant les clefs de cette forêt primitive où SAML2,
Liberty Alliance, Oauth, Concondia, Cardspace, Infocard,... s'emmêlent avec trop souvent des
protocoles incompatibles, des modèles de gouvernance divergents, et des spectres fonctionnels qui
s'entrecroisent.
Après une explication des différents modèles historiques, nous approfondirons les motivations et
caractéristiques principales des trois grands modèles en vogue: LibertyAlliance-SAML2,
CardSpace-InfoCard et OpenID-OAuth. Enfin nous conclurons sur les options et options
potentielles de convergences futures.

Diapositives de la présentation (ici)

WEB-2.0 and new generation of Identity aware architecture start to become reality, and quite surprisingly governments might be the 1st one to deploy such technologies. Europe has many on going projects, and a strong dead line for 2010 where any EU citizen should be able to access  every services from any members state countries, from anyware using its national credentials. Many  governmental agencies already endorsed the SAML2-Liberty model as the foundation framework for a new generation of eGovt applications, and while some already deployed the first wave of applications a little more than a year ago, some others are still debating on how to approach the problem.

After looking at why people have chosen a Federated model, we will take examples from different users' deployments to describe the different waves of identity-aware applications as they move from Federation toward full WEB-2.0 composition. We'll start from what is currently already or in the process of being deployed, and will close with the expected deployments in the 18 to 36 months time frame, showing how the SAML2/Liberty-IDWSF framework maps to the different classes of use-cases. Finally we will show what's coming next, especially the class of requirements that make social networking and multiple identity per transaction so important for a future generation of WEB-2.0 identity aware applications.

Fulup-Slides