Open sso enterprise customer pitch


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Federated Access Manager (FAM) is the only open source solution in the market that provides web access management, federated single sign-on and web services security in a single, self-contained Java application. Through a single product users can create federated mashups from internal and partner applications and web services to create a single view for the end-user. FAM allows customers to quickly and inexpensively extend business reach while maintaining high security standards, which, simultaneously, reduces company risk. OpenSSO ( is a Sun Microsystems-sponsored open source project providing core identity functionality such as single sign-on (SSO), federation and identity Web services. The project is based on the code base of Sun Java System Access Manager and will form the basis for Sun Federated Access Manager 8, the next commercial product release. As well as enterprise-focused standards such as SAML 2.0, XACML and WS-Federation, OpenSSO includes protocols such as OpenID and Information Cards as Extensions - community-based sub-projects. Customers no longer need to purchase and deploy multiple products to solve their WAM, federation and web services security problems. Instead, FAM provides a: Single License Single Distribution Single Deployment Single Customer View Customers are able to reduce the cost of securing identities accessing all application, web services and partner resources and, simultaneously, create federated mash-ups that provide a single view to the end-user.
  • Sun provides comprehensive support for OpenSSO, the worlds largest open source identity project that provides fully featured single sign-on, federation management and web services security capabilities in a single Java distribution. Customers needing access to a simple, open web access management and federation solution with extranet scale should buy Sun's Federated Access Manager and they will also receive full support for Open SSO at no additional cost. Customers who purchase Federated Access Manager, Sun's commercial version of OpenSSO, will now be entitled to the commercial product, which is released approximately every 12 months, and OpenSSO Express Stable Builds, which are released approximately every 2 months. This move is in response to demand from both Sun Access Manager customers and OpenSSO community members who requested support for OpenSSO rather than waiting for the next commercial product release. Customer Evidence: BBC BBC learned about OpenSSO via the OpenSSO project. They did not engage Sun sales. They did everything from development, testing, and deployment to production on their own and then approached Sun for a license and support. They plan to manage SSO and federation for more than 60 million users. Alcatel-Lucent ALU is using OpenSSO stable builds to develop the next generation of their Datagrid product so that it contains the latest and greatest federation features. In particular, they are interested in FAM's Security Token Service, WS-Security and WS-Trust protocols and federation multiprotocol hub capabilities. ALU wants to be embed Sun's latest and greatest technology. As a result, they are developing the Datagrid solution using OpenSSO Express Stable builds and plan to embed FAM 8 when it becomes available in September 2008. Metavie Blue Cross In October 2008, BCC plans to upgrade their existing Sun identity infrastructure and has decided they want the latest features and capabilities that will be part of Federated Access Manager 8, which releases in September 2008. BCC is particularly interested in Sun's new web services capabilities including FAM's Security Token Service. BCC has been using the OpenSSO Express Stable and has come across no problems or issues. They also receive full support and indemnification on the OpenSSO builds and do not have to wait for Sun Federated Access Manager 8 to begin implementing their solution and take advantage of it's features.
  • Open sso enterprise customer pitch

    1. 1. OpenSSO Enterprise Daniel Raskin Senior Product Line Manager [email_address]
    2. 2. OpenSSO Enterprise Buy one solution to solve ALL of your SSO problems Web access management, Federation, and Secure Web services
    3. 3. OpenSSO Enterprise Model <ul><li>Purchase an OpenSSO Enterprise perpetual license (formerly Access Manager), Sun Identity Management Suite subscription or Java Enterprise System subscription </li></ul><ul><li>Receive Support and indemnification on OpenSSO commercial builds and Express builds. </li></ul><ul><li>Customers choose whichever builds works best for them! </li></ul>
    4. 4. OpenSSO Enterprise Options <ul><li>OpenSSO Express Build </li></ul><ul><ul><li>A community build that has undergone extensive automated testing and moderate manual testing by Sun Quality Assurance Engineering Team. </li></ul></ul><ul><ul><li>Delivered every 3 months </li></ul></ul><ul><li>OpenSSO Commercial Build </li></ul><ul><ul><li>A community build that has undergone extensive manual and automated testing by Sun Quality Assurance Engineering Team. </li></ul></ul><ul><ul><li>Delivered every 12 – 15 months </li></ul></ul>
    5. 5. Solution: OpenSSO Web Access Management Three Tough Challenges. One Powerful Solution. <ul><li>Centralized server configuration </li></ul><ul><li>Centralized agent configuration </li></ul><ul><li>Agent and proxy modes </li></ul><ul><li>AAA Identity Services </li></ul><ul><li>Embedded directory server for user store and policy store </li></ul><ul><li>XACML support for standards-based policy management </li></ul><ul><li>Consumes and translates 3 rd party tokens from all major WAM solutions </li></ul>
    6. 6. Solution: OpenSSO Federation Three Tough Challenges. One Powerful Solution. <ul><li>The Fedlet, 8.5MB package that allows service providers to create fully configured trust networks based SAML 2 in minutes </li></ul><ul><li>Multi-protocol Federation Hub, easily federate with any company regardless of what “federation language” they speak </li></ul><ul><li>Virtual Federation Proxy, incorporate any number of legacy authentications with a single instance of OpenSSO </li></ul><ul><li>Supports all major standards including SAML, WS-Federation, Liberty ID-FF, WS-Trust, WS-Security, and WS-Policy </li></ul><ul><li>Consumes and translates 3 rd party tokens from all major WAM solutions </li></ul>
    7. 7. Solution: OpenSSO Secure Web Services Three Tough Challenges. One Powerful Solution. <ul><li>Only standards-based solution in the world to provide a pluggable, end-to-end secure web-services solution </li></ul><ul><li>Out -of-box tooling by Netbeans and Glassfish </li></ul><ul><li>SecurityToken Service that can be deployed as an Integrated, or standalone, solution </li></ul><ul><li>Security Token Service that can handle token issuance, validation and translation via WS-Trust </li></ul><ul><li>Policy enforcement point plugins for Weblogic, WebSphere, Tomcat and JBOSS </li></ul>
    8. 8. Bonus: Entitlement Management <ul><li>Ability to protect resources and objects within them </li></ul><ul><ul><li>Generic policy engine </li></ul></ul><ul><ul><li>Policy Decision Point </li></ul></ul><ul><ul><li>Policy Management Point </li></ul></ul><ul><ul><li>Identity Web Services to invoke Authorization </li></ul></ul><ul><ul><li>Supports Java, C, REST, SOAP and XACML </li></ul></ul>
    9. 9. Sun is Positioned in the Leaders Quadrant The Magic Quadrant is copyrighted 10 November 2008 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the “Leaders” quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. The Magic Quadrant graphic was published by Gartner, Inc., as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available upon request from Sun Microsystems. <ul><ul><li>Gartner Magic Quadrant for Web Access Management, Ray Wagner, Earl Perkins, Perry Carpenter, 10 November 2008 </li></ul></ul>
    10. 10. What's Next <ul><li>Carrier-Grade Monitoring (Q1 2009) </li></ul><ul><li>More Ease-of-Use Task Flows (Q1 / Q2 2009) </li></ul><ul><li>SaaS Federation Task Flows (Q1 / Q2 2009) </li></ul><ul><li>Entitlement Management (Q2 2009) </li></ul>
    11. 11. Carrier-Grade Monitoring (Q1 2009) <ul><li>Working with key Telco companies to develop carrier-grade monitoring in OpenSSO </li></ul><ul><li>Will provide server level monitoring and management across entire OpenSSO Enterprise deployment </li></ul><ul><ul><li>Test agents to ensure they are responding to client requests. </li></ul></ul><ul><ul><li>Real-time of view of OpenSSO Deployment </li></ul></ul><ul><ul><li>Quickly identify and address problems </li></ul></ul><ul><li>Integrates with 3 rd party monitoring and reporting tools </li></ul>
    12. 12. More Ease-of-Use Task Flows (Q1 / Q2 2009) <ul><li>Protect a Resource Flow </li></ul><ul><li>Create a Realm Flow </li></ul><ul><li>Configure / Deploy and Agent Flow </li></ul><ul><li>Configure an Authentication Store </li></ul><ul><li>Configure an Instance </li></ul><ul><li>Select an Admin for a Realm </li></ul>
    13. 13. SaaS Federation Task Flows (Q1 / Q2 2009) <ul><li>Provide simple task flows for configuring federated SSO with popular SaaS services </li></ul><ul><li>Focus on standards-based services rather than proprietary </li></ul>
    14. 14. Entitlement Management (Spring 2009) <ul><li>Extend OpenSSO to solve access management, federation, secure web services and ENTITLEMENT MANAGEMENT . </li></ul><ul><ul><li>Policy Engine Benchmark – Millions of policies </li></ul></ul><ul><ul><li>Killer Policy Management User interface </li></ul></ul><ul><ul><li>Build as reusable composite service for RM and IM </li></ul></ul><ul><ul><li>Policy attestation and entitlements warehouse </li></ul></ul><ul><li>3 +1 = 4 Tough Challenges. One powerful solution. </li></ul>
    15. 15. <ul><li>Easily embed policy management point and policy decision point as a composite, reusable service in Identity Manager, Role Manager, 3 rd party application. </li></ul><ul><li>Allows for a single policy store and common user experience </li></ul><ul><li>Invoke EM web services using IDE of choice </li></ul>Entitlement Management (Spring 2009) Composite, Reusable Service
    16. 16. OpenSSO: Latest Innovation <ul><li>Presto-Change-O Install </li></ul><ul><ul><li>Embedded Glassfish </li></ul></ul><ul><ul><li>JavaWebstart Installation </li></ul></ul><ul><ul><li>Pre-configured </li></ul></ul><ul><ul><li>One Click </li></ul></ul><ul><li> </li></ul>
    17. 17. Free Training Labs <ul><li>Five downloadable, self-paced labs </li></ul><ul><ul><li>deploy two Apache Tomcat servers </li></ul></ul><ul><ul><li>SSL-enable them </li></ul></ul><ul><ul><li>install a software load balancer </li></ul></ul><ul><ul><li>install OpenSSO into the environment </li></ul></ul><ul><ul><li>configure for session failover </li></ul></ul><ul><li>Includes virtual image containing OpenSolaris, Glassfish, OpenSSO and OpenDS </li></ul><ul><ul><li>Fast forward or rewind image using ZFS </li></ul></ul><ul><li>Go to and click on Training </li></ul>
    18. 18. OpenSSO Community <ul><li>In less than 2 years... </li></ul><ul><ul><li>750+ project members at </li></ul></ul><ul><ul><li>~15 external committers </li></ul></ul><ul><li>Production deployments </li></ul><ul><ul><li> 250,000 customer profiles </li></ul></ul><ul><ul><li> OpenID for Sun employees </li></ul></ul><ul><ul><li> Foundation for fine-grained authorization </li></ul></ul>
    19. 19. Thank You. <ul><li>Daniel Raskin </li></ul><ul><ul><li>[email_address] </li></ul></ul>