This set of features will extend OpenSSO to offer fine-grained authorization (FGA) for web applications out of the box. You will no longer need to use our custom APIs to handle FGA decisions. The entitlements solution will add a killer policy management interface for defining and managing policies and conditions, a policy auditor to validate policies, and REST-based web services that will allow developers to invoke authorization from their applications. The OpenSSO entitlement enforcement solution will leverage our currently available XACML request/response support, and be a fully standards-based implementation. In addition, the solution will support XACML import/export for fine-grained policy definitions.
Within the OpenSSO community, we are actively working to develop robust monitoring features for large-scale deployments that allow system and network administrators to proactively manage important enterprise assets that range from physical devices to systems and applications. Through our new service-level monitoring capabilities, deployers will be able to monitor their deployment health, detect and diagnose problems, and use reported metrics to size deployments.
The monitoring solution will use monitoring agents and leverage existing agents such as those provided with OpenDS, GlassFish and the Java Virtual Machine. The mosaic of agents will all report management data to a central console, which can aggregate the information and present a single consolidated view for administrators.
Data captured by the OpenSSO monitoring solution will fall into the following categories for each OpenSSO component:
* Configuration overview : number of servers, authentication modules, realms, agent types, etc.
* Metrics related to resource usage : cache sizes, connection pools, sessions, etc.
* Counts on operations : authentication success/failure, authorization success/failure, etc.
* Faults and diagnostics : server/agent down, LDAP health, connectivity issues, etc.
* Thresholds and alerts : events emitted when certain configured limits are met -- number of authentication failures exceeds limit, number of in-memory sessions exceeds limit, etc.
This feature is focused on improving ease of use by allowing users to easily configure federated connections with WebEx using the SAML v2 protocol via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach. This feature is focused simply on making it easier to set up federated SSO with WebEx and reducing time to deployment.
This feature is focused on providing a cross-container Web Services Security solution based on JAX-WS handlers.
Our reverse proxy is being rewritten as a 100% Java proxy that also has the ability to capture and replay passwords for web applications not protected by your single sign-on solution. In short, this will allow Enterprise Single Sign-on (screen scraping) functionality for web applications. Applications that are not protected by OpenSSO can use password replay to do simple password capture and authentication.
The release prior to our commercial release is a beta release that does not include new features. This is primarily a test/bug release and allows us to focus on commercial-grade stability for OpenSSO Enterprise 8.1.