Tutorials : Identity Management Made Easy with OpenSSO :

Identity Management Made Easy with OpenSSO

by Thribhuvan Thakur

As the need for inter-enterprise e-commerce business processes becomes apparent, identity managementis also becoming a concern. Obviously, users appreciate SSO—the ability to sign on once and move seamlessly through the application portfolio. Without federated identity management, users are forced to endure the current state of affairs, which means managing multiple logins and application-specific identities. Within a corporate network, however, it's reasonable for employees to expect direct access to corporate applications and salary and benefit records without having to re-authenticate themselves.

What Is Identity Management, Anyway?

Figure 1 shows the actors involved in identity management.

Figure 1. Identity Management a Solution to Identity Crisis

OpenSSO

Figure 2. Federated Access Manager

OpenSSO provides a single, self-contained J2EE application called Federated Access Manager (FAM) for easy roll out. FAM implementation is based on the Sun Java System Access Manager and the Sun Java System Federation Manager.

Among other services, FAM provides the following:

Authentication Service: This verifies the user's credentials and issues a user-session token as a proof of authentication. It consists of plug-in modules, a core authentication component, a web service interface, and a client API. A JAAS framework is integrated in this service and plays and important role in authentication chaining.

Authorization/Policy Service: This evaluates policies associated with a user's identity and determines whether an authenticated user has permissions to access a protected resource.

Session (SSO) Service: This provides continued proof of the user's identity, which enables the user to access multiple enterprise resources within the same domain—without having to provide credentials each time (for example, SSO). It also provides cross-domain single sign-on (CDSSO) capability that enables users to access applications among multiple DNS domains.

Security Assertion Markup Language (SAML) Service: This allows business partners to securely exchange authentication and authorization information over the internet.

Identity Federation Service: This consolidates multiple local identities into one federated identity. This enables the user to move across multiple service providers without having to re-authenticate themselves. This feature is built upon the Liberty Alliances Framework, which introduced the concept of circle of trust.

Logging Service: This enables auditing by recording information such as access denials and approvals, authentication events, and authorization violations.

How to Add Java Applets to Your Site

New on the Java Boutique:

New Review:

Time Management Made Easy with the Quartz Enterprise Job Scheduler
Why not just use the Java timer API? This open source scheduling API boasts simplicity, ease-of-integration, a well-rounded feature set, and it's free!

New Applet:

Reverse Complement
Reverse Complement is a simple applet that converts DNA or RNA sequences into three useful formats.

Elsewhere on internet.com:

WebDeveloper Java
Lots of Java information on webdeveloper.com

WDVL Java
Thorough Java resource at the Web Developer's Virtual Library.

ScriptSearch Java
Hundreds of free Java code files to download.

jGuru: Your View of the Java Universe
Customizable portal with online training, FAQs, regular news updates, and tutorials.