The OpenSSO roadmap outlines plans to improve ease-of-use through new task flows, introduce mobile one-time passwords and a reverse proxy, enhance monitoring capabilities, and strengthen entitlement enforcement. It also details upcoming federation capabilities for SaaS providers, a .NET Fedlet to simplify deploying service providers, and continued focus on performance and usability improvements.

1. OpenSSO Roadmap
Sidharth Mishra
sid@sun.com
1

2. What's Next
• More Ease-of-Use Task Flows
• Mobile One Time Password.
• Reverse Proxy with Password Replay.
• Carrier-Grade Monitoring
• Entitlement Enforcement
• Fedlet for .NET
• Embedded Glassfish Container
2

3. More Ease-of-Use Task Flows (Q1 / Q2 2009)
• Protect a Resource Flow
• Create a Realm Flow
• Configure / Deploy and Agent Flow
• Configure an Authentication Store
• Configure an Instance
• Select an Admin for a Realm
3

4. SaaS Federation Task Flows (Q2 2009)
• Provide simple task flows for configuring federated
SSO with popular SaaS services
• Focus on standards-based services rather than
proprietary
4

5. Carrier grade monitoring
• Server level monitoring and management across
entire OpenSSO deployment
> Test agents to ensure they are responding to client
requests.
> Real-time of view of OpenSSO Deployment
> Quickly identify and address problems on Server side
and client side.
• Integrates with 3rd party monitoring and reporting
tools.(OpenView, Unicenter, OpenNMS, Zenoss).
• Basic monitoring data viewer and graphing.
5

6. Reverse Proxy Agent
• 100% pure Java
• Standards compliant reverse proxy.
• Standard war file deployment
• Transparent authentication.
• Session loss recognition and re-authentication
• Dispatch via regular expressions.
• Central management of access control policies.
• Policies are enforced by standard policy agent.
6

7. OTP - One Time Password (Q4 2009)
• Based on OATH reference architecture.
• Support for HOTP & TOTP specification.
• Supports either 6 digits or 8 digits.
• Configurable validity for an OTP password.
• Support for both email and OTP password.
• Will be used in conjunction with other authentication
modules.
7

8. Entitlement Enforcement (Spring 2009)
• Extend OpenSSO to solve access management,
federation, secure web services and
ENTITLEMENT ENFORCEMENT.
> Policy Engine Benchmark – A million policies.
> Killer Policy Management User interface
> Build as reusable composite service for RM and IM.
> XACML enhancements.
– XACML Policy Definition Language.
– Support for XACML Import / Export.
• 3 +1 = 4 SSO Problems. One powerful solution.
8

9. Fedlet (.NET)
Problem Benefits
• How do I federation enable an online
business partner (Service Provider) • Greater ROI on existing investments (e.g.
without it having to deploy and manage a hardware)
full fledged heavy weight Federation • Simple to deploy and embed an SP
solution? application.
OpenSSO Fedlet • Ideal for scenarios where SSO with IDP and
retrieval of user attributes is the
• A lightweight service provider requirement.
implementation of SAML protocol which
can be deployed on a Java EE container.
• Can be easily embedded in a Service
Provider application enabling it to
communicate with an Identity Provider
using SAML.
Fedlet – The lightest and fastest way to federate.
9

10. OpenSSO Enterprise 8.1
OpenSSO Enterprise Roadmap
10

11. More Information
• OpenSSO Wiki
http://wiki.opensso.org/
• OpenSSO Project
http://www.opensso.org
• OpenSSO Enterprise
http://www.sun.com/opensso
11

12. Thank You.
12