OpenID Connect and UMA Apache HTTPD Plugins Are On the Way!

Gluu's management was upbeat and thanked all the supporters of their CrowdTilt campaign, in which $7,975 was crowd-funded to enable the development of open source OAuth2 plugins for the Apache HTTPD server!

Support flowed in from various sources and quarters, and Gluu's management has given due credit to each:

1) Andrew Hughs for convincing me, despite my original skepticism, that we should try to crowd fund the plugin. Not only did we raise $8,075, we generated a lot of awareness, and built the community of OX supporters in the process. Andrew was a key catalyst in making this happen!

2) Eve Maler (and the UMA team) for writing UMA. OX’s vision for open source access management for organizations would not be possible without UMA. For Eve and her UMA collaborators, it has been a marathon effort for many years, and it's a miracle that people would be as committed to the effort! Thank you for your hard work which makes something like a plugin even possible!

3) Kantara. One of the key catalysts in this campaign, we should all thank Joni Brennan for her work on UMA and other important standards efforts. A neutral partner to help the participants of the ecosystem is essential.

4) OpenID Connect Working Group: For also being so damn persistent… few people realize how many issues need to be resolved to get a large and important standard written. Without their work, we would have nothing to implement.

5) 30+ passionate identity evangelists. Individuals were the first contributors to the campaign, and funded 30%, which is a key sign of support. Without this, I don’t think the corporate sponsors would have joined. This group did double what I expected… and many people even upped their contribution when it looked like we were not going to make it! Thank you everyone!

6) CrowdTilt. I have been a fan of CrowdTilt since it launched a few years back. Behind the scenes, they are making sure it all works. Thank you all for your dedication!

7) Falcon Systems Consulting of Japan. Falcon was the first and largest corporate sponsor. I was short $5,000 on our campaign. By offering to cover half, it made raising the final third seem possible. After closing the loop with potential corporate sponsors, we tilted! I went into work not thinking the campaign had failed, and I left work, we had commitments to get the campaign tilted. Thank you to Masamichi Takahashi for supporting open source and open standards and leading the way in Japan!

8) Symas. Thank you to Marty Heyman and Shawn McKinney for contributing to the campaign, for their hard work developing an open source identity stack, and for inviting me to the Java One IAM Panel.

9) ForgeRock. We’re really happy to collaborate with ForgeRock. Without other implementers of OpenID Connect and UMA, Gluu’s platform would be just as proprietary as the monolithic IAM solutions. ForgeRock’s financial support is really appreciated, but their future participation in open standard interops will pay even bigger dividends for the Internet. Special thank you to Lasse Andresen and Allen Foster!

10) All you guys. Thank you to everyone else out there who helped us by RE-TWEETing and helping to get the word out. We had more than 3000 Twitter clicks on our campaign. Without your help, we couldn’t have found all the people out there who want

Gigaom

Cable operator Charter (S CHTR) is looking to bring the cloud to its customers’ cable boxes, regardless of when those devices were made: Charter CEO Tom Rutledge said during the company’s earnings call Thursday that his company intends to roll out a new, cloud-based UI to all of its set-top boxes next year. Rutledge added that initial tests in Fort Worth, Texas have been promising, and that Charter will expand these tests to additional markets later this year. Charter announced 29,000 video subscriber losses Thursday, down from 55,000 a year ago.

Charter’s new cloud UI.

Charter is using cloud virtualization technology from ActiveVideo to revamp the user interfaces of its cable boxes without actually having to upgrade the hardware. This is being accomplished by hosting the UI in the cloud, where it is rendered into a video stream that can be played back even with legacy pay TV hardware. The…


School Ring Federation

At a high level, this blog is about how xdiCoin and OX messaging could be used to support OpenID Connect 1.0 multi-party federations.

The interactions between individuals and organizations have become increasingly complex. By using OX, people or organizations can create data federations. Federations will enable simplification of trust by standardizing the vocabulary, policies and operating procedures for the respective data sharing relationship.

While talking with Denise Tayloe from Privo last week, I realized there is a chicken-and-egg problem with identifiers. As soon as kids have a coin, I realized that the most important trust ring to draw is your Family Ring.

The Family Ring solves two problems I’ve been thinking about recently: (1) how do my children interact with companies (Lego, Moshi Monsters, etc.), and (2) how do my kids interact with the school. In order to manage these relationships, the organizations in question need to understand that I am the parent.

The School Ring is my idea to show the potential opportunities for federation. oxPlus is a private social networking application for a K-12 school that we wrote as part of the project with ID3. We are planning to re-launch oxPlus on a new public website. We will re-brand it, and enable open registration (which will help for the web access management system wam).

With open registration, people can obtain OpenID Connect 1.0 credentials and an OX personal datastore. OX is used to store the parent-child relationships. oxPlus also provides tools to create a school in OX. Even a homeschooling parent could register their own school, specify that they are the teacher, and point to their kids as the students.

This type of standardization enables kids to receive services (with their parents' consent), and schools to make data available “up the stream,” within the confines of the rules of the federation. This is how governments can get real-time test scores and access to richer content. Improved interoperability would also help students who move to a new district or state, giving the receiving educators a better understanding of a student's capabilities on an apples-to-apples basis.

Symplified… So long and thanks for all the fish!

As many of you have heard, Symplified is exiting the access management market. The company’s founders had a long history in the single sign-on business, having founded Securant in the late nineties. Securant was acquired by RSA in September 2001, and evolved into RSA Cleartrust, which is still in production today at many organizations.

It seemed logical that the experienced team behind such a successful product would have launched an equally successful SaaS offering. I don’t know the whole back story, but many things have to align for a startup to succeed. You need good execution, but you also need a little bit of good luck.

I first ran into Symplified at the Digital Identity World in 2008 (thanks for the flying monkey!). At the next Digital Identity World, I had a long conversation with Eric Olden about utility computing. He gave me a copy of the book The Big Switch, which provided valuable evidence in my thinking about how utility computing could make sense for SSO and access management, and how lowering the price could actually expand the size of the market.

Although Gluu has many competitors, identity provider SAML is a very large global market, which Gluu cannot serve alone. We’re sad to see the exit of one of the early innovators who helped pave the way for a new delivery model for access management. Here at Gluu we’re grateful for Symplified’s early leadership, dedication to their customers, and management excellence.

Gluu SXSW Interactive Picks


Voting for SXSW interactive sessions has NOW ENDED and CHOSEN SESSIONS HAVE BEEN ANNOUNCED! Check out the Bold Green sessions below to see which of Gluu’s recommendations made the cut.

1. Who Are You? Gluu CEO Mike Schwartz will talk about the sexiest new ways to sso authentication: mobile, location-based, biometric, image-based… proving who you are is now possible more ways from more types of devices than ever, and the pace of innovation is showing no signs of fatigue.

2. Hacking LinkedIn: the B2B Bible. Gluu Director of Business Development Will Lowe will be hosting a workshop to teach the automation secrets that have expanded Mike’s professional network by more than 1,000 new connections in less than 7 months.

3. Tips & Tools for Protected Connection. Eve Maler, Joni Brennan, and Lucy Lynch will offer the low down on where digital privacy is currently “at”, and offer some pragmatic advice.

4. Talent Wars: Tips for Building Good Corp Culture. Ping Identity founder Andre Durand will share some secrets of how to create the right corporate atmosphere to build a globally distributed team in a highly competitive high tech market.

5. The Hitchiker’s Guide to the Identiverse: Ping CTO Patrick Harding will tell us what the identiverse is, and why it might come crashing down on us.

6. The Future of Biometrics: Engineer and Technology VP Skooks Pong will provide an overview of new biometric authentication single sign on technologies that we may see soon!

7. A Wheel Of Pain: How I Learned To Love Enterprise. Jay Cuthrell from VCE (joint venture of Cisco and VMWare) will tell everything you were afraid to ask about enterprise IT sales.

8. A Cloud of One’s Own. Jeff Kramer, entrepreneur and HP Cloud visionary, will lay out the use cases and challenges for personal clouds.

9. The rise of mobile payment – Enabling technologies. Amol Deshmukh of Gemalto will explain the current technology blueprint for mobile payments.

10. Virtual Professionals - Smartworkers or Workaholics. Founder of the Golab and co-working guru, Steve Golab, Plantronics Managing Director Phillipe Vanhoutte, and Oracle customer advocate Heather Foeh will confront the new mission of information workers who find it hard to unplug.

11. Austin Home of the Journey Entrepreneur: Bijoy Goswami of Bootstrap Austin describes what makes Austin a great place for your venture to find you.

12. Cloud Portability With Multi-Cloud Toolkits: Everett Toews of Rackspace describes how to architect your IAAS infrastructure for portability.

13. The DarkNet Emerges: Andrew Delamarter of Huge describes how a new anonymous subnet is forming where people cannot be identified online.

14. Hacking Meat: Why Insects Are the Future of Food. At the current rate of production, there won’t be enough protein for everyone. Yes, running out of brisket is a terrifying prospect in Austin, but maybe instead of longhorns, we should eat longhorn beetles!

15. Dear Taco Vendor, How are You Securing My Data? David Tishgart of Gazzang leads a discussion of how our personal data is being (mis)used and what you can do about it.

17. How Businesses Succeed With Open Source Principles. Ruth Suehle of Red Hat leads a discussion on the best way to get your ideas heard, bring down costs, make the world a better place, and still turn a profit.

18. Putting the Web Back Into the Web. Every phone has a web browser… why are we building all these native apps? World class discussion from Daniel Appelquist (Telefónica Digital), Andrew Betts (Financial Times), Dave Shea (Mezzo Blue), and Dominique Hazaël-Massieux (W3C).

19. Let Me Hear Your Body Talk: The Internet of You. Peter Tippett of Verizon and other distinguished panelists share trends for digital health that are moving beyond wireless devices we wear to wireless devices that are in us.

20. Mobile Business Apps in a Post-Briefcase World. So how can companies make mobile apps the new desktop? Okta CEO Todd McKinnon and a panel of experts will discuss innovations that enable organizations to radically increase productivity.

Help! My Toaster’s Been Hacked! Rockstar of Rocksauce Q Manning will lead a discussion on how the Internet of Things will affect our life in new and interesting ways.

OpenID Connect Lesson of the Day: Discovery & Transient ID’s

After being stumped by a client’s OpenID Connect question earlier today, we wanted to dig deeper for some answers.

We turned to the knowledgeable and helpful OpenID Connect Spec Gurus for clarification and the following is what we learned…

Our Query to the Oracles of OpenID Connect:

“As I understand OpenID Connect discovery, a person would specify username@host…

Could the user simply enter “@host” instead?

It's not a valid address, but for discovery, it could be sufficient. Perhaps this would facilitate the return of a non-correlatable (transient…) identifier by the OP to the RP, which could help protect the privacy of the person.”

Response from OpenID Gurus:

Yes, according to the discovery docs you can enter just the host/domain name (without the @ sign) and Webfinger will still work. You can also enter the issuer URL directly. Both of these allow for directed-identifier use cases, where you know the IdP but don’t know the end user at runtime, and this is a key feature for OIDC.

What does this all mean?

It means that a user can retain 100% privacy when using web access management products. Many organizations do not want RPs to be able to track a specific person. If a different identifier is released to each RP, the user can act more anonymously on the Internet. If the user is causing trouble at the RP (like trying to hack the RP…), the IdP can still track down the person who was issued the “transient” identifier in question. In many cases, the RP really doesn’t need to know which specific user at the domain is requesting the content; frequently the RP just needs to know that the person is licensed or authorized.

The above scenario is widely in use by universities using the Shibboleth support for transient ids. A similar approach is also used by some vendors to minimize the release of attributes to websites.
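The discovery and directed-identifier behaviour described above, as an added example that is not part of the original post and is not Gluu or OX code: it normalizes what the user typed (host only, user@host, or an issuer URL) into the WebFinger request an RP would send, then shows an OP issuing a different identifier to each RP while keeping the ability to trace one back. The `example.edu` and `.example` hosts, the `DirectedIdentifierOP` class and the HMAC-based derivation are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode, urlsplit, urlunsplit

# Link relation an RP asks WebFinger for during OpenID Connect discovery.
ISSUER_REL = "http://openid.net/specs/connect/1.0/issuer"


def normalize(user_input):
    """Return (resource, host) following OpenID Connect Discovery normalization."""
    s = user_input.strip()
    if "://" not in s and not s.startswith("acct:"):
        # No scheme: read the input as [userinfo "@"] host [":" port] path ...
        authority = s.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
        bare = authority == s  # True when there is no path, query or fragment
        user, at, host = authority.rpartition("@")
        if at and user and bare and ":" not in host:
            s = "acct:" + s      # user@host names an account
        else:
            s = "https://" + s   # host only (or host plus path) is a URL
    if s.startswith("acct:"):
        resource = s.split("#", 1)[0]
        return resource, resource.rpartition("@")[2]
    parts = urlsplit(s)
    # The fragment is dropped; the remainder is the WebFinger resource.
    resource = urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))
    return resource, parts.netloc.rpartition("@")[2]


def webfinger_url(user_input):
    """Build the WebFinger request URL used to locate the issuer."""
    resource, host = normalize(user_input)
    query = urlencode({"resource": resource, "rel": ISSUER_REL})
    return f"https://{host}/.well-known/webfinger?{query}"


class DirectedIdentifierOP:
    """Hypothetical OP that releases a different `sub` value to each RP."""

    def __init__(self, secret):
        self._secret = secret   # known only to the OP
        self._issued = {}       # sub -> (local account, RP host)

    def sub_for(self, local_account, rp_host):
        # Keyed hash over RP host and account (one possible construction):
        # stable for a given RP, not correlatable between RPs.
        msg = f"{rp_host}\x00{local_account}".encode()
        digest = hmac.new(self._secret, msg, hashlib.sha256).digest()
        sub = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
        self._issued[sub] = (local_account, rp_host)
        return sub

    def trace(self, sub):
        """OP-side lookup for abuse handling; RPs cannot perform it."""
        return self._issued.get(sub)


if __name__ == "__main__":
    for typed in ("example.edu", "joe@example.edu", "https://idp.example.edu/oidc"):
        print(typed, "->", webfinger_url(typed))
    op = DirectedIdentifierOP(b"constructed-demo-secret")
    print(op.sub_for("joe", "journals.example"), op.sub_for("joe", "library.example"))
```

With host-only input the RP never handles a username, so the only user identifier it sees is the per-RP value the OP chooses to release.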

 

Federated Identity and OpenID Connect: Why Higher Ed Needs OX

Access to premium content is now one of the greatest value-adds universities can offer students, faculty and staff. Through the use of federated identity with open standards like SAML, universities can enable their university-issued credentials to provide access to valuable third-party content, like email and course material.

However, the majority of U.S. universities either have no federation implementation, or a very limited deployment. To compound this problem, due to the complexity of configuration, very few websites support SAML — the leading federation standard on the Internet today.

During the time that SAML adoption has not happened, Google and other consumer IDPs have become indispensable to people for mobile and web access management.

SAML came out before the invention of the iPhone. Since then, the infrastructure of the web has shifted to accommodate advances in technology, and developer feedback is clear: they don’t want to integrate SAML in their applications.

There are many indicators that something is wrong with SAML adoption. Moderate success is not good enough. An infrastructure service like authentication needs to have ubiquitous adoption in order to make a significant impact. For example, the Internet wouldn’t work as well if we had to support IPX and Banyan Vines at the same time.

While Shibboleth is currently the most popular open source SAML software in use by higher education, Shib 3 is not the answer…the way forward is OX!

Shib 3 only gets you improved SAML. OX enables the institution to support next-gen OAuth2 authn / authz and federation. The recently finalized OAuth 2.0 profile for authentication, OpenID Connect, fills the need for a simple yet flexible and secure identity protocol, and also lets organizations leverage their existing OAuth 2.0 investments.

Gluu has a very simple migration plan from Shibboleth 2: using our LoginHandler, a person is able to get both a SAML and OpenID Connect session. Despite a head start of years, MSFT will probably very soon have more SAML IDPs than Shibboleth, and MSFT are on track to deliver their OpenID Connect server before Shibboleth. However, proprietary software and its expensive licenses are not as appealing to budget-conscious universities as they are to large enterprises.

OX provides a competitive value proposition, while maintaining a flexible open source license. Before we convert the last 90% of universities to the wrong protocol (SAML) and proprietary software, maybe it's time to at least have a conversation about whether that’s the right thing to do.