Sun to open-source SSO software

Sun to open-source SSO software

Summary: Today at Catalyst, Sun EVP John Loiacono announced that they are going to put their single sign-on solution under an open source license.  The code won't be available until Q4 2005, but the Web site is up.

SHARE:
TOPICS: Browser
4

Today at Catalyst, Sun EVP John Loiacono announced that they are going to put their single sign-on solution under an open source license.  The code won't be available until Q4 2005, but the Web site is up.  Quoting from the site:

The goal of Open Web SSO project is to provide an extensible implementation of identity services infrastructure that will facilitate single sign on for web applications hosted on web and application servers. This implementation will offer the following core identity services:

  • Authentication
  • Session
  • Logging
The site promises a high level architecture document and uses cases in August.  Until then, there's not really enough information to know whether this initiative will matter or not. 

Topic: Browser

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Also missing

    is the license. "Open Source" could mean something like Microsoft's "source under glass" approach where you can see Sun's source code but not compile, modify, etc. it in any way.
    Yagotta B. Kidding
    • isn't it..

      CDDL?
      http://www.opensource.org/licenses/cddl1.php

      If I don't understand, please explain ( I may not)
      :)
      xstep
  • all licensing issues aside . . .

    aren't single sign-on apps a huge security liability? The point of multiple passwords is to limit the damage of one compromised password. With single sign-on, there is only one password for everything. What's the point of multiple sign-ons if you have a single sign-on app?
    tmurph1810
    • You have to

      Read about it at RSA to understand. Each person would have a digital signature.

      People have too many passwords. People forget passwords, people right them down, and people use bad passwords.

      This way a password can be longer and cryptic without the worry or need to remember it. Users can now be better managed and information and user transaction patterns can be tracked.

      Anyway, I'm no expert but somthing has to be done and this looks like a good solution. Check it at RSA
      xstep