ForgeRock Community Blog Syndicate

One of the key control points in enterprise software is the provisioning or IDM software. It’s the point all the threads of directory, authentication, authorisation and provisioning come together and it’s the part that the proprietary vendors are least willing to surrender to that great deposer of control points, community-based open source software.

When ForgeRock (where I work) got started, some companies who had been promised an open source IDM by a vendor who then reneged on the promise asked if we’d join them building one. After about nine months collaborative work, the result was the OpenIDM project, for which ForgeRock announced support back in October.

That wasn’t the end of the process of course, and the pace is being maintained. I’m delighted to see that the emerging community is organising an OpenIDM Design Summit in two weeks in Oslo (January 26-27), both as a meeting point for the developers building it and as a meeting for the developers and businesses deploying it (mainly in Scandinavia at the moment, but the meeting will be in English). ForgeRock is providing the facilities and the agenda looks very interesting.

Today is a significant milestone for the new venture I’m helping, ForgeRock. We’ve announced availability of our first full independent release of OpenAM, the open source authentication and access management system. If you look at the release, you’ll see it’s a significant update, with SAML2 support, fine-grained authentication controls and a host of other improvements.

It’s significant for open source because it signals that the OpenAM community – especially the part on ForgeRock’s own team – is up to speed maintaining and evolving the code and that the transition from its former home is going well. And it’s important to OpenSSO customers because it finally gives them a smooth upgrade path from the version 8 of Sun’s old OpenSSO product, which most of them are using.

My congratulations go out to the whole community for their work, but especially to the ForgeRock team who have been working flat out to make it happen – especially Steve, who really deserves a break! Great job, everyone!

Names come in all forms and sizes; official and informal, first middle and last, identifiers and labels. And here is a new type of the name: the ForgeRock name.

As Joe Brockmeier discussed in a blog entry last year, Open Source does not normally say anything about the trademarks that may apply to the software. The current situation in Sun-Oracle may leave a number of Open Source projects out in the cold – and when crunch time comes (is it here already?) then this may be a hot issue.

As Oracle recently removed all open downloads from opensso.org, ForgeRock are the new home of binary downloads for the OpenSSO community, providing essentially the same compiled code as before. Except for the name.

So – OpenAM is the new OpenSSO. Remember the name next time you need a build

Everything starts somewhere, and this blog is starting for a reason. We at ForgeRock have recently launched our business and have a lot to say – this blog is one of those ways

So I can start off by saying that the purchase of Sun by Oracle took a long time but was finally completed on January 27th. As you will see from www.forgerock.com, ForgeRock has it’s roots in the software side of Sun, with almost all our employees having a background from Sun. Naturally we have been interested to see how the takeover would play out, especially with regards to Sun’s open source strategy. Oracle has made several statements about the direction they will be taking including these webcasts.

One of open source products we are particularly involved in is OpenSSO – a fully-featured, enterprise-class product for authentication, authorization, federation and much more. Oracle has said that OpenSSO will continue as an open source project but that Oracle Access Manager will be their strategic product for web single sign-on, and Oracle Federated Identity Manager for federated single sign-on.

What does the “strategic” product choice mean in practice? Nishant Kaushik (architect for Identity Management products at Oracle) in his blog answers like this:

“Strategic” means that this is the product that we will be innovating and developing new features for.

So according to this Oracle will not be innovating and developing new features for OpenSSO, but still hosting the open source project. This can also be seen on the employee side of Oracle where key players from the OpenSSO team are apparently either no longer working there or have been transferred to other teams.

What is the next step for OpenSSO then?

ForgeRock