OpenSSO Roadmap Aquarium

OpenSSO Roadmap, Sidharth Mishra [email protected]

description

Roadmap for OpenSSO. Presentation at TheAquarium Online

Transcript of OpenSSO Roadmap Aquarium

Page 1: OpenSSO Roadmap Aquarium

OpenSSO Roadmap

Sidharth Mishra [email protected]

Page 2: OpenSSO Roadmap Aquarium

What's Next

• More Ease-of-Use Task Flows

• Mobile One Time Password.

• Reverse Proxy with Password Replay.

• Carrier-Grade Monitoring

• Entitlement Enforcement

• Fedlet for .NET

• Embedded Glassfish Container

Page 3: OpenSSO Roadmap Aquarium

More Ease-of-Use Task Flows (Q1 / Q2 2009)

• Protect a Resource Flow

• Create a Realm Flow

• Configure / Deploy an Agent Flow

• Configure an Authentication Store

• Configure an Instance

• Select an Admin for a Realm

Page 4: OpenSSO Roadmap Aquarium

SaaS Federation Task Flows (Q2 2009)

• Provide simple task flows for configuring federated SSO with popular SaaS services

• Focus on standards-based services rather than proprietary

Page 5: OpenSSO Roadmap Aquarium

Carrier grade monitoring

• Server level monitoring and management across entire OpenSSO deployment

> Test agents to ensure they are responding to client requests.

> Real-time view of OpenSSO Deployment

> Quickly identify and address problems on Server side and client side.

• Integrates with 3rd party monitoring and reporting tools (OpenView, Unicenter, OpenNMS, Zenoss).

• Basic monitoring data viewer and graphing.

Page 6: OpenSSO Roadmap Aquarium

Reverse Proxy Agent

• 100% pure Java

• Standards compliant reverse proxy.

• Standard war file deployment

• Transparent authentication.

• Session loss recognition and re-authentication

• Dispatch via regular expressions.

• Central management of access control policies.

• Policies are enforced by standard policy agent.

Page 7: OpenSSO Roadmap Aquarium

OTP - One Time Password (Q4 2009)

• Based on OATH reference architecture.

• Support for HOTP & TOTP specification.

• Supports either 6 digits or 8 digits.

• Configurable validity for an OTP password.

• Support for both email and OTP password.

• Will be used in conjunction with other authentication modules.

Page 8: OpenSSO Roadmap Aquarium

Entitlement Enforcement (Spring 2009)

• Extend OpenSSO to solve access management, federation, secure web services and ENTITLEMENT ENFORCEMENT.

> Policy Engine Benchmark – A million policies.

> Killer Policy Management User interface

> Build as reusable composite service for RM and IM.

> XACML enhancements.

– XACML Policy Definition Language.

– Support for XACML Import / Export.

• 3 + 1 = 4 SSO Problems. One powerful solution.

Page 9: OpenSSO Roadmap Aquarium

Fedlet (.NET)

Problem

• How do I federation-enable an online business partner (Service Provider) without it having to deploy and manage a full-fledged, heavyweight Federation solution?

OpenSSO Fedlet

• A lightweight service provider implementation of SAML protocol which can be deployed on a Java EE container.

• Can be easily embedded in a Service Provider application enabling it to communicate with an Identity Provider using SAML.

Benefits

• Greater ROI on existing investments (e.g. hardware)

• Simple to deploy and embed an SP application.

• Ideal for scenarios where SSO with IDP and retrieval of user attributes is the requirement.

Fedlet – The lightest and fastest way to federate.

Page 10: OpenSSO Roadmap Aquarium

OpenSSO Enterprise 8.1

OpenSSO Enterprise Roadmap

Page 11: OpenSSO Roadmap Aquarium

More Information

• OpenSSO Wiki: http://wiki.opensso.org/

• OpenSSO Project: http://www.opensso.org

• OpenSSO Enterprise: http://www.sun.com/opensso

Page 12: OpenSSO Roadmap Aquarium

Thank You.
