|
Identity Management Made Easy with OpenSSO
by Thribhuvan Thakur
As the need for inter-enterprise e-commerce business processes becomes apparent, identity managementis also becoming a concern. Obviously, users appreciate SSOthe ability to sign on once and move seamlessly through the application portfolio. Without federated identity management, users are forced to endure the current state of affairs, which means managing multiple logins and application-specific identities. Within a corporate network, however, it's reasonable for employees to expect direct access to corporate applications and salary and benefit records without having to re-authenticate themselves.
What Is Identity Management, Anyway?
Identity Management involves a comprehensive set of tools and business processes, along with their supporting infrastructures, all of which work together to manage the life cycle of user identity and its relationship to business applications and services. An Identity Provider (IdP) is responsible for identity management as well as helping a Service Provider (SP) identify a user.
Figure 1 shows the actors involved in identity management.
 Figure 1. Identity Management a Solution to Identity Crisis
OpenSSO
The Open Web Single Sign-On project (OpenSSO) is an open-source initiative by Sun Microsystems. This project's goal is to provide an extensible foundation for an identity services infrastructure in the public domain, facilitating single sign-on (SSO) and cross-domain single sign-on (CDSSO) for web applications, federation capabilities, and secure web services.
 Figure 2. Federated Access Manager
OpenSSO provides a single, self-contained J2EE application called Federated Access Manager (FAM) for easy roll out. FAM implementation is based on the Sun Java System Access Manager and the Sun Java System Federation Manager.
Among other services, FAM provides the following:
Authentication Service: This verifies the user's credentials and issues a user-session token as a proof of authentication. It consists of plug-in modules, a core authentication component, a web service interface, and a client API. A JAAS framework is integrated in this service and plays and important role in authentication chaining.
Authorization/Policy Service: This evaluates policies associated with a user's identity and determines whether an authenticated user has permissions to access a protected resource.
Session (SSO) Service: This provides continued proof of the user's identity, which enables the user to access multiple enterprise resources within the same domainwithout having to provide credentials each time (for example, SSO). It also provides cross-domain single sign-on (CDSSO) capability that enables users to access applications among multiple DNS domains.
Security Assertion Markup Language (SAML) Service: This allows business partners to securely exchange authentication and authorization information over the internet.
Identity Federation Service: This consolidates multiple local identities into one federated identity. This enables the user to move across multiple service providers without having to re-authenticate themselves. This feature is built upon the Liberty Alliances Framework, which introduced the concept of circle of trust.
Logging Service: This enables auditing by recording information such as access denials and approvals, authentication events, and authorization violations.
New on the Java Boutique:
New Review:
Time Management Made Easy with the Quartz Enterprise Job Scheduler
Why not just use the Java timer API? This open source scheduling
API boasts simplicity, ease-of-integration, a well-rounded feature
set, and it's free!
New Applet:
Reverse Complement
Reverse Complement is a simple applet that converts DNA or RNA
sequences into three useful formats.
Elsewhere on internet.com:
WebDeveloper Java
Lots of Java information on webdeveloper.com
WDVL Java
Thorough Java resource at the Web Developer's Virtual Library.
ScriptSearch Java
Hundreds of free Java code files to download.
jGuru: Your View of the Java Universe
Customizable portal with online training, FAQs, regular news updates, and tutorials.
|