ForgeRock Picks Up Where Sun Left Off

By Paula Bernier, Executive Editor, IP Communications Magazines  |  September 01, 2010

This article originally appeared in the Sept. 2010 issue of INTERNET TELEPHONY

If your company uses the Sun Microsystems OpenSSO platform and has felt abandoned as it waited for an upgrade to release 8 that never came, help is on the way. An upstart called ForgeRock, manned by some of the staff that led the OpenSSO charge at Sun, now offers a variety of solutions based on the open source platform.

ForgeRock, which was founded in February and has former Sun Microsystems executives Lasse Andresen (the new company’s CEO), Simon Phipps (chief strategy officer) and Hermann Svoren (director of global sales) – along with Terry Joyce (director of engineering) – at the helm, recently introduced OpenAM, an updated identity management solution based on the highly scalable and widely used OpenSSO.

“What an authentication system does – imagine that you’re going to create a Web store, and you sell shoes and books and music in your Web store,” Phipps explains. “Each of the Web stores that sell those things will actually be a separate application because when you sell music you’ve got to provision downloads, when you sell books you’ve got to give page previews, and when you sell shoes you have to have some sort of sizing guide with photos.

“So the stores for those are quite different applications, and it doesn’t make any sense to have a user log-in for each application because to the user you want to look like you’re a single store,” he continues. “So you have a fourth module that is called the authentication module, and your users log in to the authentication module, and their Web browser is given some credentials and then each of your stores ask the Web browser for those credentials and check in with the authentication manager behind the scenes over on the enterprise bus to check that the credentials are correct and to get the user details. That concept is highly transferable to many kinds of cloud, large enterprise or distributed applications….”

OpenAM is just one of the solutions ForgeRock offers as part of its I³ Open Platform architecture. ForgeRock also offers OpenESB, an enterprise service bus that integrates applications with the authentication module; OpenDS, an LDAP directory that can store the details of all users entitled to log in to the system; OpenIDM, an ID information management system; and some other, more specialized, applications like OpenFM, for facilities management. (The applications are all written either in or for a development environment that uses Java Enterprise Edition.)

“Each of those components I just named for you all started life as products of Sun Microsystems,” says Phipps. “While I was at Sun Microsystems I was responsible for making them be open source. There are quite a lot of customers who are running a version of OpenSSO, called OpenSSO version 8. A lot of the larger customers around the world are using that version, and they’ve been stranded on that version for rather a long time because there hasn’t been an update, and it doesn’t look like there’s going to be an update now that Oracle has purchased Sun.”

As a result, ForgeRock moved to take over that code base, renamed it OpenAM, fixed the bugs in OpenSSO 8, and added to it. New with OpenAM are fine-grained authentication so users can do authentication and permission for particular behaviors and give different users different capabilities in the system; and a range of performance enhancements and improved cross-platform behavior to smooth the upgrade path from OpenSSO 8.

Other major changes include:

• The embedded configuration store now utilizes the OpenDS 2.3 engine.

• Significant development work has been done in the federation implementation, with enhanced IdP Proxy support. (When configured as a SAML2 IdP Proxy, OpenAM 9.5 has the ability to present a list of IdPs that can fulfill the authentication request, enabling users to interactively select their preferred IdP. The OpenAM implementation is based on the OASIS committee draft, which supports the representations of levels of assurance of the remote IdPs.)

• All issues that were reported fixed in any of the updates to the Sun Enterprise version, and not in the OpenSSO release, have been addressed. (This is very significant for customers that are currently using OpenSSO Enterprise 8, with updates or patches from Sun, and now want to move up to OpenAM because they are now able to easily migrate to the ForgeRock platform, according to ForgeRock.)

“This is great news for a whole lot of people, including quite a lot of telecoms customers,” says Phipps, estimating that a low four-figure number of companies today use OpenAM or its predecessors.

ForgeRock, a full-service ISV, has built a business around such customers, to whom it aims to sell subscriptions to OpenAM “and those entitle the customer to a rapid guaranteed response to problem reports on the service level agreements that fit the stage of deployment of the use of OpenAM.”

Edited by Stefania Viscusi