{panel:bgColor=#e0e0e0|borderColor=#B0c4de}
h4. {color:#005480}OpenSSO - What's Next?{color}
Find information about OpenSSO Release Schedule and details on upcoming features.
The roadmap schedule below highlights OpenSSO's Express builds, which are released approximately every three months, and the schedule for [Sun OpenSSO Enterprise|http://www.sun.com/software/products/opensso_enterprise/index.xml] 8.1. Anyone with a OpenSSO Enterprise software license or subscription can receive support on the builds below. In short, the moment a feature is available in a release it is supported. Check out the details below.
{color:#333399}{*}The primary goal of this release is to enable OpenSSO to be the only solution in the world to provide access management, federation, secure web services, entitlement enforcement and multi-factor authentication in a single offering.*{color}
{panel}
!OPENSSO_2009_ROADMAP_110209.jpg|align=center,width=100%!
{panel:borderColor=black}
*Here it is, folks\! All of the features listed constitute Sun OpenSSO Enterprise 8.1. Onwards and upwards\!*
{color:#333399}{*}Click on a feature listed below to learn more about it.*{color}
{panel}
{section}
{column:width=30%}
h4. {color:#005480}EXPRESS 7 -- April 2009{color}
{expand: h6. Google Apps Federation Flow}
Although it is relatively straightforward to federate with Google using SAML today, we are adding a simple task flow that reduces the effort down to a few simple steps. This will make it extremely easy to outsource your collaboration tools to Google's hosted service.
{expand}
{expand: h6. OpenDS User Store Support}
OpenSSO uses an embedded instance of OpenDS for configuration data. The same embedded store can hold user data for non-production environments such as development and demonstrations. Production deployments use Sun Directory Server, Microsoft Active Directory or IBM Tivoli Directory Server as a user store. This release includes a plug-in to allow OpenSSO deployments to use OpenDS as an external user store.
{expand}
h4. {color:#005480}EXPRESS 8 -- Sep 2009{color}
{expand: h6. Mobile One Time Password}
We are in the process of adding capabilities to OpenSSO that allow a user to obtain a one time password via your mobile phone (e.g. - using [SMS text messages|http://en.wikipedia.org/wiki/One-time_password#Implementation_OTP_over_SMS]). This is not a replacement for traditional multi-factor authentication solutions, but rather a lightweight alternative for those that don't want to buy a packaged offering to complement their web access management solution. The key benefit of this solution is that organizations will be able to lower operational expenses by allowing consumers to use their cell phones as a physical token device rather than buying a separate piece of hardware.
{expand}
{expand: h6. MySQL User Store Support}
This feature provides a plug-in that allows OpenSSO deployments to use MySQL as a user store.
{expand}
{expand: h6. Fedlet for .NET}
The 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. The idea is that, if you're running a single web application, you're not going to want to deploy and maintain an entire federation service to run a standalone service provider. What you want is a little package of code and configuration to federation-enable your web application. The Fedlet was originally released in OpenSSO Enterprise 8.0 to support Java applications. The Fedlet for .NET is for service providers that want to deploy a Fedlet to support .NET applications. It is smaller than 1.5MB and can be deployed in three simple steps. Once deployed the Fedlet will support the SAML 2.0 Web Browser Profile with responses sent via the POST binding.
{expand}
{expand: h6. Secure Token Service Flow (UI Improvements)}
This feature is focused on improving ease of use by allowing users to easily configure Secure Token Service(STS) via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach.
{expand}
{expand: h6. Active Directory Integration Improvements}
This feature is focused on improving ease of configuration and integration for deployments using Microsoft Active Directory as user data store for OpenSSO.
{expand}
{column}
{column:width=1%}
{column}
{column:width=30%}
h4. {color:#005480}EXPRESS 9 -- Dec 2009{color}
{expand: h6. Entitlement Enforcement}
This set of features will extend OpenSSO to now offer fine-grained authorization (FGA) for web applications out-of-the box. You will no longer need to use our custom API's to handle FGA decisions. The entitlements solution will add a killer policy management interface for defining policies/conditions and managing policies, a policy auditor to validate policies and REST-based web services that will allow developers to invoke authorization from their applications. The OpenSSO entitlement enforcement solution will leverage our currently available XACML request/response support, and be a fully standards-based implementation. In addition, the solution will support XACML import/export for fine-grained policy definitions.
{expand}
{expand: h6. Service Level(SNMP/JMX) Monitoring}
Within the [OpenSSO community|http://www.opensso.org/] we are actively working to develop robust monitoring features for large-scale deployments that allow system and network administrators to proactively manage important enterprise assets that range from physical devices to systems and applications. Through our new service level monitoring capabilities deployers will be able to monitor their deployment health, detect and diagnose problems and use reported metrics to size deployments.
The monitoring solution will use monitoring agents and leverage existing agents such as those provided with [OpenDS|http://www.opends.org/], [GlassFish|http://www.glassfish.org/] and the [Java Virtual Machine|http://en.wikipedia.org/wiki/Java_Virtual_Machine]. The mosaic of agents will all report management data to a central console, which can aggregate the information and present a single consolidated view for administrators.
Data captured by the OpenSSO monitoring solution will fall into the following categories for each OpenSSO component:
\* Configuration overview : number of servers, authentication modules, realms, agent types, etc.
\* Metrics related to resource usage : cache sizes, connection pools, sessions, etc.
\* Counts on operations : authentication success/failure, authorization success/failure etc.
\* Faults and diagnostics : server/agent down, LDAP health, connectivity issues, etc.
\* Thresholds and alerts : events emitted when certain configured limits are met \-\- number of authentication failures exceeds limit, number of in-memory sessions exceeds limit, etc.
{expand}
{expand: h6. WebEx Federation Flow (UI Improvements)}
This feature is focused on improving ease of use by allowing users to easily configure federated connections with WebEx using SAML v2 protocol via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach. This feature is focused simply on making it easier to setup Federated SSO with WebEx to configure and reducing time to deployment.
{expand}
{expand: h6. Simplified Web Services Security}
This feature is focused on providing a cross-container Web Services Security solution based on JAX-WS handlers.
{expand}
{expand: h6. Reverse Proxy with Password Replay Extension}
Our reverse proxy is being rewritten as a 100% Java proxy that also has the ability to capture and replay passwords for web applications not protected by your single sign-on solution. In short, this will allow Enterprise Single Sign-on (screen scraping) functionality for web applications. Applications that are not protected by OpenSSO can use password replay to do simple password capture and authentication.
{expand}
h4. {color:#005480}EXPRESS 10 -- March 2010{color}
{expand: h6. Beta Release}
The release prior to our commercial release is a beta release that does not include new features. This is primarily a test/bug release and allows us to focus on commercial-grade stability for OpenSSO Enterprise 8.1.
{expand}
{column}
{column:width=1%}
{column}
{column:width=30%}
h4. {color:#005480}SUN OPENSSO ENTERPRISE 8.1
Q2CY 2010{color}
{expand: h6. Sun OpenSSO Enterprise 8.1 Release.}
Sun OpenSSO Enterprise 8.1 commercial release.
{expand}
{column}
{section}
h4. {color:#005480}OpenSSO - What's Next?{color}
Find information about OpenSSO Release Schedule and details on upcoming features.
The roadmap schedule below highlights OpenSSO's Express builds, which are released approximately every three months, and the schedule for [Sun OpenSSO Enterprise|http://www.sun.com/software/products/opensso_enterprise/index.xml] 8.1. Anyone with a OpenSSO Enterprise software license or subscription can receive support on the builds below. In short, the moment a feature is available in a release it is supported. Check out the details below.
{color:#333399}{*}The primary goal of this release is to enable OpenSSO to be the only solution in the world to provide access management, federation, secure web services, entitlement enforcement and multi-factor authentication in a single offering.*{color}
{panel}
!OPENSSO_2009_ROADMAP_110209.jpg|align=center,width=100%!
{panel:borderColor=black}
*Here it is, folks\! All of the features listed constitute Sun OpenSSO Enterprise 8.1. Onwards and upwards\!*
{color:#333399}{*}Click on a feature listed below to learn more about it.*{color}
{panel}
{section}
{column:width=30%}
h4. {color:#005480}EXPRESS 7 -- April 2009{color}
{expand: h6. Google Apps Federation Flow}
Although it is relatively straightforward to federate with Google using SAML today, we are adding a simple task flow that reduces the effort down to a few simple steps. This will make it extremely easy to outsource your collaboration tools to Google's hosted service.
{expand}
{expand: h6. OpenDS User Store Support}
OpenSSO uses an embedded instance of OpenDS for configuration data. The same embedded store can hold user data for non-production environments such as development and demonstrations. Production deployments use Sun Directory Server, Microsoft Active Directory or IBM Tivoli Directory Server as a user store. This release includes a plug-in to allow OpenSSO deployments to use OpenDS as an external user store.
{expand}
h4. {color:#005480}EXPRESS 8 -- Sep 2009{color}
{expand: h6. Mobile One Time Password}
We are in the process of adding capabilities to OpenSSO that allow a user to obtain a one time password via your mobile phone (e.g. - using [SMS text messages|http://en.wikipedia.org/wiki/One-time_password#Implementation_OTP_over_SMS]). This is not a replacement for traditional multi-factor authentication solutions, but rather a lightweight alternative for those that don't want to buy a packaged offering to complement their web access management solution. The key benefit of this solution is that organizations will be able to lower operational expenses by allowing consumers to use their cell phones as a physical token device rather than buying a separate piece of hardware.
{expand}
{expand: h6. MySQL User Store Support}
This feature provides a plug-in that allows OpenSSO deployments to use MySQL as a user store.
{expand}
{expand: h6. Fedlet for .NET}
The 'Fedlet' is a package that a SAML 2.0 identity provider can create to quickly federation-enable a small service provider. The idea is that, if you're running a single web application, you're not going to want to deploy and maintain an entire federation service to run a standalone service provider. What you want is a little package of code and configuration to federation-enable your web application. The Fedlet was originally released in OpenSSO Enterprise 8.0 to support Java applications. The Fedlet for .NET is for service providers that want to deploy a Fedlet to support .NET applications. It is smaller than 1.5MB and can be deployed in three simple steps. Once deployed the Fedlet will support the SAML 2.0 Web Browser Profile with responses sent via the POST binding.
{expand}
{expand: h6. Secure Token Service Flow (UI Improvements)}
This feature is focused on improving ease of use by allowing users to easily configure Secure Token Service(STS) via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach.
{expand}
{expand: h6. Active Directory Integration Improvements}
This feature is focused on improving ease of configuration and integration for deployments using Microsoft Active Directory as user data store for OpenSSO.
{expand}
{column}
{column:width=1%}
{column}
{column:width=30%}
h4. {color:#005480}EXPRESS 9 -- Dec 2009{color}
{expand: h6. Entitlement Enforcement}
This set of features will extend OpenSSO to now offer fine-grained authorization (FGA) for web applications out-of-the box. You will no longer need to use our custom API's to handle FGA decisions. The entitlements solution will add a killer policy management interface for defining policies/conditions and managing policies, a policy auditor to validate policies and REST-based web services that will allow developers to invoke authorization from their applications. The OpenSSO entitlement enforcement solution will leverage our currently available XACML request/response support, and be a fully standards-based implementation. In addition, the solution will support XACML import/export for fine-grained policy definitions.
{expand}
{expand: h6. Service Level(SNMP/JMX) Monitoring}
Within the [OpenSSO community|http://www.opensso.org/] we are actively working to develop robust monitoring features for large-scale deployments that allow system and network administrators to proactively manage important enterprise assets that range from physical devices to systems and applications. Through our new service level monitoring capabilities deployers will be able to monitor their deployment health, detect and diagnose problems and use reported metrics to size deployments.
The monitoring solution will use monitoring agents and leverage existing agents such as those provided with [OpenDS|http://www.opends.org/], [GlassFish|http://www.glassfish.org/] and the [Java Virtual Machine|http://en.wikipedia.org/wiki/Java_Virtual_Machine]. The mosaic of agents will all report management data to a central console, which can aggregate the information and present a single consolidated view for administrators.
Data captured by the OpenSSO monitoring solution will fall into the following categories for each OpenSSO component:
\* Configuration overview : number of servers, authentication modules, realms, agent types, etc.
\* Metrics related to resource usage : cache sizes, connection pools, sessions, etc.
\* Counts on operations : authentication success/failure, authorization success/failure etc.
\* Faults and diagnostics : server/agent down, LDAP health, connectivity issues, etc.
\* Thresholds and alerts : events emitted when certain configured limits are met \-\- number of authentication failures exceeds limit, number of in-memory sessions exceeds limit, etc.
{expand}
{expand: h6. WebEx Federation Flow (UI Improvements)}
This feature is focused on improving ease of use by allowing users to easily configure federated connections with WebEx using SAML v2 protocol via the OpenSSO 'Common Tasks' page. This is part of our effort to move all capabilities from an object-oriented approach to a task-based approach. This feature is focused simply on making it easier to setup Federated SSO with WebEx to configure and reducing time to deployment.
{expand}
{expand: h6. Simplified Web Services Security}
This feature is focused on providing a cross-container Web Services Security solution based on JAX-WS handlers.
{expand}
{expand: h6. Reverse Proxy with Password Replay Extension}
Our reverse proxy is being rewritten as a 100% Java proxy that also has the ability to capture and replay passwords for web applications not protected by your single sign-on solution. In short, this will allow Enterprise Single Sign-on (screen scraping) functionality for web applications. Applications that are not protected by OpenSSO can use password replay to do simple password capture and authentication.
{expand}
h4. {color:#005480}EXPRESS 10 -- March 2010{color}
{expand: h6. Beta Release}
The release prior to our commercial release is a beta release that does not include new features. This is primarily a test/bug release and allows us to focus on commercial-grade stability for OpenSSO Enterprise 8.1.
{expand}
{column}
{column:width=1%}
{column}
{column:width=30%}
h4. {color:#005480}SUN OPENSSO ENTERPRISE 8.1
Q2CY 2010{color}
{expand: h6. Sun OpenSSO Enterprise 8.1 Release.}
Sun OpenSSO Enterprise 8.1 commercial release.
{expand}
{column}
{section}