Schedule

OpenSSO - What's Next?

Find information about the OpenSSO release schedule and details on upcoming features.

The roadmap schedule below highlights OpenSSO's Express builds, which are released approximately every three months, and the schedule for Sun OpenSSO Enterprise 8.1. Anyone with an OpenSSO Enterprise software license or subscription can receive support on the builds below. In short, the moment a feature is available in a release it is supported. Check out the details below.

The primary goal of this release is to enable OpenSSO to be the only solution in the world to provide access management, federation, secure web services, entitlement enforcement and multi-factor authentication in a single offering.

Here it is, folks! All of the features listed constitute Sun OpenSSO Enterprise 8.1. Onwards and upwards!

Click on a feature listed below to learn more about it.

EXPRESS 7 – April 2009
Google Apps Federation Flow

Although it is relatively straightforward to federate with Google using SAML today, we are adding a simple task flow that reduces the effort down to a few simple steps. This will make it extremely easy to outsource your collaboration tools to Google's hosted service.

OpenDS User Store Support

OpenSSO uses an embedded instance of OpenDS for configuration data. The same embedded store can hold user data for non-production environments such as development and demonstrations. Production deployments use Sun Directory Server, Microsoft Active Directory or IBM Tivoli Directory Server as a user store. This release includes a plug-in to allow OpenSSO deployments to use OpenDS as an external user store.

EXPRESS 8 – July 2009
Mobile One Time Password

We are in the process of adding capabilities to OpenSSO that allow a user to obtain a one-time password via their mobile phone (e.g., using SMS text messages). This is not a replacement for traditional multi-factor authentication solutions, but rather a lightweight alternative for those that don't want to buy a packaged offering to complement their web access management solution. The key benefit of this solution is that organizations will be able to lower operational expenses by allowing consumers to use their cell phones as a physical token device rather than buying a separate piece of hardware.

MySQL User Store Support

This feature provides a plug-in that allows OpenSSO deployments to use MySQL as a user store.

Fedlet for .NET

The 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. The idea is that, if you're running a single web application, you're not going to want to deploy and maintain an entire federation service to run a standalone service provider. What you want is a little package of code and configuration to federation-enable your web application. The Fedlet was originally released in OpenSSO Enterprise 8.0 to support Java applications. The Fedlet for .NET is for service providers that want to deploy a Fedlet to support .NET applications. It is smaller than 1.5MB and can be deployed in three simple steps. Once deployed the Fedlet will support the SAML 2.0 Web Browser Profile with responses sent via the POST binding.

Secure Token Service Flow (UI Improvements)

This feature is focused on improving ease of use by allowing users to easily configure the Secure Token Service (STS) via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach.

Active Directory Integration Improvements

This feature is focused on improving ease of configuration and integration for deployments using Microsoft Active Directory as the user data store for OpenSSO.

EXPRESS 9 – October 2009
Entitlement Enforcement

This set of features will extend OpenSSO to offer fine-grained authorization (FGA) for web applications out of the box. You will no longer need to use our custom APIs to handle FGA decisions. The entitlements solution will add a killer policy management interface for defining policies/conditions and managing policies, a policy auditor to validate policies and REST-based web services that will allow developers to invoke authorization from their applications. The OpenSSO entitlement enforcement solution will leverage our currently available XACML request/response support, and be a fully standards-based implementation. In addition, the solution will support XACML import/export for fine-grained policy definitions.

Service Level Monitoring

Within the OpenSSO community we are actively working to develop robust monitoring features for large-scale deployments that allow system and network administrators to proactively manage important enterprise assets that range from physical devices to systems and applications. Through our new service level monitoring capabilities deployers will be able to monitor their deployment health, detect and diagnose problems and use reported metrics to size deployments.

The monitoring solution will use monitoring agents and leverage existing agents such as those provided with OpenDS, GlassFish and the Java Virtual Machine. The mosaic of agents will all report management data to a central console, which can aggregate the information and present a single consolidated view for administrators.

Data captured by the OpenSSO monitoring solution will fall into the following categories for each OpenSSO component:

* Configuration overview : number of servers, authentication modules, realms, agent types, etc.
* Metrics related to resource usage : cache sizes, connection pools, sessions, etc.
* Counts on operations : authentication success/failure, authorization success/failure etc.
* Faults and diagnostics : server/agent down, LDAP health, connectivity issues, etc.
* Thresholds and alerts : events emitted when certain configured limits are met -- number of authentication failures exceeds limit, number of in-memory sessions exceeds limit, etc.

Multi-Protocol Federation Flow (UI Improvements)

This feature is focused on improving ease of use by allowing users to easily configure federated connections using any protocol via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach. We already support all the key federation protocols; this feature is focused simply on making it easier to configure and reducing time to deployment.

Virtual Federation Flow (UI Improvements)

This feature is focused on improving ease of use by allowing users to easily configure the Virtual Federation (Secure Attributes Exchange) feature via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach.

Reverse Proxy with Password Replay

Our reverse proxy is being rewritten as a 100% Java proxy that also has the ability to capture and replay passwords for web applications not protected by your single sign-on solution. In short, this will allow Enterprise Single Sign-on (screen scraping) functionality for web applications. Applications that are not protected by OpenSSO can use password replay to do simple password capture and authentication.

EXPRESS 10 – January 2010
Beta Release

The release prior to our commercial release is a beta release that does not include new features. This is primarily a test/bug release and allows us to focus on commercial-grade stability for OpenSSO Enterprise 8.1.

SUN OPENSSO ENTERPRISE 8.1 – March 2010
Sun OpenSSO Enterprise 8.1 Release.

Sun OpenSSO Enterprise 8.1 commercial release.

  1. Mar 02, 2009

    asheffey says:

    There is a started issue (https://opensso.dev.java.net/issues/show_bug.cgi?id=3917) to enable OpenDS as a supported external data store. I see above that MySQL is on the docket for that purpose. Is that being pushed back to Enterprise 8.1 in 2010?

    1. Mar 02, 2009

      metadaddy says:

      Hi Aaron - this schedule is pretty high level and doesn't cover every feature. I'll pop your question onto users@opensso.dev.java.net and report back here...

      1. Mar 02, 2009

        metadaddy says:

        OpenDS support is planned for Express Build 7. Updated the schedule above accordingly. Thanks for the question!

        1. Mar 03, 2009

          asheffey says:

          Good to hear. One more question - will there be a migration guide (for those people not following best practices) to migrate user data from the embedded OpenDS instance to an external instance? Or is the assumption that you will simply need to export your users from the current LDAP, and import them into the new one?

          1. Mar 03, 2009

            metadaddy says:

            Hi Aaron - export to LDIF then import, followed by some reconfiguration of OpenSSO should do it, I think. It would be worth filing an RFE, though, at https://opensso.dev.java.net/issues/enter_bug.cgi so we explicitly test it and document the cutover process.

  2. May 08, 2009

    adsfsdfsdfg says:

    Thanks for posting this. Is there a similar roadmap for "3.0 Agents"? In particular, the "apache 2.2" agent seems to have been pulled and am looking to see when it'll be back in the suite.

Copyright 1994-2009 Sun Microsystems, Inc.