The OpenSSO roadmap outlines plans to improve ease-of-use through new task flows, introduce mobile one-time passwords and a reverse proxy, enhance monitoring capabilities, and strengthen entitlement enforcement. It also details upcoming federation capabilities for SaaS providers, a .NET Fedlet to simplify deploying service providers, and continued focus on performance and usability improvements.
2. What's Next
• More Ease-of-Use Task Flows
• Mobile One Time Password
• Reverse Proxy with Password Replay
• Carrier-Grade Monitoring
• Entitlement Enforcement
• Fedlet for .NET
• Embedded Glassfish Container
3. More Ease-of-Use Task Flows (Q1 / Q2 2009)
• Protect a Resource Flow
• Create a Realm Flow
• Configure / Deploy an Agent Flow
• Configure an Authentication Store
• Configure an Instance
• Select an Admin for a Realm
4. SaaS Federation Task Flows (Q2 2009)
• Provide simple task flows for configuring federated SSO with popular SaaS services
• Focus on standards-based services rather than proprietary ones
5. Carrier grade monitoring
• Server-level monitoring and management across the entire OpenSSO deployment
> Test agents to ensure they are responding to client requests.
> Real-time view of the OpenSSO deployment.
> Quickly identify and address problems on the server side and client side.
• Integrates with 3rd party monitoring and reporting tools (OpenView, Unicenter, OpenNMS, Zenoss).
• Basic monitoring data viewer and graphing.
6. Reverse Proxy Agent
• 100% pure Java
• Standards compliant reverse proxy.
• Standard war file deployment
• Transparent authentication.
• Session loss recognition and re-authentication
• Dispatch via regular expressions.
• Central management of access control policies.
• Policies are enforced by standard policy agent.
7. OTP - One Time Password (Q4 2009)
• Based on OATH reference architecture.
• Support for HOTP & TOTP specification.
• Supports either 6 digits or 8 digits.
• Configurable validity for an OTP password.
• Support for both email and OTP password.
• Will be used in conjunction with other authentication modules.
8. Entitlement Enforcement (Spring 2009)
• Extend OpenSSO to solve access management, federation, secure web services and ENTITLEMENT ENFORCEMENT.
> Policy Engine Benchmark – A million policies.
> Killer Policy Management User interface
> Build as reusable composite service for RM and IM.
> XACML enhancements.
– XACML Policy Definition Language.
– Support for XACML Import / Export.
• 3 +1 = 4 SSO Problems. One powerful solution.
9. Fedlet (.NET)
Problem
• How do I federation enable an online business partner (Service Provider) without it having to deploy and manage a full fledged heavy weight Federation solution?
OpenSSO Fedlet
• A lightweight service provider implementation of SAML protocol which can be deployed on a Java EE container.
• Can be easily embedded in a Service Provider application enabling it to communicate with an Identity Provider using SAML.
Benefits
• Greater ROI on existing investments (e.g. hardware)
• Simple to deploy and embed an SP application.
• Ideal for scenarios where SSO with IDP and retrieval of user attributes is the requirement.
Fedlet – The lightest and fastest way to federate.