• More Ease-of-Use Task Flows
• Mobile One Time Password
• Reverse Proxy with Password Replay
• Carrier-Grade Monitoring
• Entitlement Enforcement
• Fedlet for .NET
• Embedded Glassfish Container
More Ease-of-Use Task Flows (Q1 / Q2 2009)
• Protect a Resource Flow
• Create a Realm Flow
• Configure / Deploy an Agent Flow
• Configure an Authentication Store
• Configure an Instance
• Select an Admin for a Realm
SaaS Federation Task Flows (Q2 2009)
• Provide simple task flows for configuring federated SSO with popular SaaS services
• Focus on standards-based services rather than
Carrier-Grade Monitoring
• Server level monitoring and management across entire OpenSSO deployment
> Test agents to ensure they are responding to client
> Real-time view of OpenSSO deployment
> Quickly identify and address problems on server side and client side.
• Integrates with 3rd party monitoring and reporting tools (OpenView, Unicenter, OpenNMS, Zenoss).
• Basic monitoring data viewer and graphing.
Reverse Proxy Agent
• 100% pure Java
• Standards compliant reverse proxy.
• Standard war file deployment
• Transparent authentication.
• Session loss recognition and re-authentication
• Dispatch via regular expressions.
• Central management of access control policies.
• Policies are enforced by standard policy agent.
OTP - One Time Password (Q4 2009)
• Based on OATH reference architecture.
• Support for HOTP & TOTP specification.
• Supports either 6 digits or 8 digits.
• Configurable validity for an OTP password.
• Support for both email and OTP password.
• Will be used in conjunction with other authentication
Entitlement Enforcement (Spring 2009)
• Extend OpenSSO to solve access management,
federation, secure web services and
> Policy Engine Benchmark – A million policies.
> Killer Policy Management User interface
> Build as reusable composite service for RM and IM.
> XACML enhancements.
– XACML Policy Definition Language.
– Support for XACML Import / Export.
• 3 +1 = 4 SSO Problems. One powerful solution.
• How do I federation enable an online business partner (Service Provider) without it having to deploy and manage a full fledged heavy weight Federation
OpenSSO Fedlet
• A lightweight service provider implementation of SAML protocol which can be deployed on a Java EE container.
• Can be easily embedded in a Service Provider application enabling it to communicate with an Identity Provider
• Greater ROI on existing investments (e.g. hardware)
• Simple to deploy and embed an SP
• Ideal for scenarios where SSO with IDP and retrieval of user attributes is the requirement.
Fedlet – The lightest and fastest way to federate.