I am no longer associated in any way with ForgeRock AS. With my renewed independence, I’ve a new startup activity I’m exploring, and I’m open for consulting, speaking and writing engagements during those explorations. Do please get in touch if you have any need of open source policy, process and community consulting.
Will you be in Portland (the one in Oregon in the USA) next week? ForgeRock would love to meet you during OSCON. Join us at Kells at 6pm on Thursday July 28th (it’s an easy and free Max ride from the Convention Center and you can easily make it back for the State of the Onion if you need to). Come to our session on Thursday morning to collect a wrist band for unlimited free drinks!
In case you’re not familiar with ForgeRock, we’re a rapidly-growing startup that’s taking a radical software-freedom-first approach to creating an identity-oriented application platform – SAML, LDAP, provisioning, single-sign-on and much more. The software we’re developing is already mature and is already in use at around 50 of the worlds most interesting high-scale technologically aggressive companies. At OSCON I’ll be joined by colleagues to explain our philosophy and our software.
I have a firm belief that open source software communities become strong when people with many different reasons for being present are free to meet their needs in a community. If everyone sees the software the same way, it’s very hard for more than one company to participate strongly in the community with the result it tends towards being a user community with few co-developers. As you might guess, I’ve seen a lot of communities like this in my time.
At ForgeRock, it’s our vision to create a secure and scalable platform for building real-world applications on the web, and the I3 platform that we’re gradually creating uses a range of different open source projects to achieve this. But we’re keen to see the technology base we’re using become more modular, so that differently-motivated uses of the components can find synergy without directly competing. To that end, I’m very pleased to be able to make an announcement about a new community we’re sponsoring – OpenICF.
OpenICF is a community that draws together the many users of the Identity Connector Framework, ICF, which makes it straightforward to create connectors for joining applications together to co-operate. We’re using ICF connectors in OpenIDM, but you’ll find that community members – and there are more than the press release lists – are using ICF-based connectors in a variety of contexts, including Brinqa who are using ICF with compliance and risk management solutions .
This diversity is very healthy. It means different people will see the software in different ways, bringing fresh, innovative ideas and introducing the opportunity for serendipity. It’s that characteristic that makes the strongest open source communities. For evolution to succeed, there has to be mutation!
Today has been a big landmark for many of the developers at ForgeRock and in the communities in which they participate. Both the OpenAM (identity authentication, authorisation and federation) and OpenDJ (LDAP server) projects have announced new interim releases today to consolidate incremental improvements. For those in any doubt, this work is only happening on the OpenAM and OpenDJ projects and not in any predecessor projects.
The OpenDJ 2.4.1 release includes a number of bug-fixes but adds new features in addition to those added in the earlier full release such as:
- A newer version of the Berkeley DB Java Edition database.
- The ability to define Collective attributes based on Virtual attributes. This can be used to define Collective attributes (Attributes that are automatically inserted in user entries) based on Group membership for example, or based on the Password Policy enforced for the user.
The OpenAM 9.5.2 release includes a large number of improvements and bug-fixes which have arisen in support of ForgeRock customers, but includes new features such as:
- An “update-policies” command in ssoadm
- A method to retain the original session during an upgrade, improving availability
- An easier way to get hold of realm/auth chain information within JSPs
Both represent a great deal of work by the respective teams – congratulations to them on keeping both projects improving and progressing.
ForgeRock was started in February 2010 and is now one year old. In its first year:
- ForgeRock did business with 35 customers in 10 countries
- Global turnover exceeded $2M US and continues to grow
- The company has grown to 35 employees who between them speak at least 14 languages
- ForgeRock has 80 consulting and training partners globally
- The company is now incorporated in the US, UK, France and Norway and has five office locations
- ForgeRock joined the Kantara Initiative, working on federated identity standards
- ForgeRock secured the future of two open source projects, federated access manager OpenAM and LDAP server OpenDJ, and contributed new code and features to produce new releases of both
- ForgeRock created and launched one new open source project, identity provisioning system OpenIDM
So far, so good – it’s been exhilarating getting to this point. But the coming year looks just as interesting.
To start year two with a bang, I’m pleased to announce that ApexIdentity will be joining ForgeRock effective today, bringing their expertise in identity and access management to the projects that comprise ForgeRock’s I3 platform. In particular, their great work on OAuth 2.0 will be adapted and contributed to the OpenAM project, maintaining its reputation as the leading open source system for access management. Founders Jamie Nelson and Paul Bryan will join ForgeRock’s leadership team with responsibility for the overall I3 platform vision.
The combination is a good fit for our needs and is timely. I hope it will result in our growth – particularly in the US and Canada – accelerating as the ApexIdentity people come up to speed. A warm welcome to the team!
When we started last year, it was thrilling to see how many companies responded when we asked who would be interested in reselling ForgeRock subscriptions, consulting on the projects and delivering training. Over eighty former Sun partners contacted us.
But customers asked us, out of all those community partners, who we would recommend locally, who did we trust. We started thinking about how to identify key business partners from the community partner list, and have spent the last two months gradually working our way country by country through the list. The result? Take a look at the map.
Today was a particularly satisfying day in that process – our first UK partner. Members of the UK open source community will be familiar with Mark Taylor and his company Sirius, probably the UK’s leading supplier of open source IT services (especially to local government and the public sector). I’m delighted to say that Sirius is ForgeRock’s first full UK partner. We’ve added them to the map and I’m really looking forward to working with Mark and his excellent team to deliver open source identity solutions across the UK.
Last week I broke the news that ForgeRock (where I work) had gained an architect for OpenIDM. Today is the last day of ForgeRock’s first year, and I’m pleased to say we have gained an architect for the open source LDAP directory product we work on, OpenDJ.
Matthew Swift comes with great experience, having worked on the OpenDS project before at Sun Microsystems where he was responsible for the core server (its performance; reliability; administration model and tools) as well as developing many new core features. He’s already dived in with ideas about how ForgeRock should contribute to the OpenDJ roadmap, including planning for a new v3 release of OpenDJ with a redesigned core server so that the v2 base can be kept as stable as possible for existing users, adding only usability features and mainly fixing bugs.
This is a great end to a great first year. Welcome to ForgeRock, Matthew!
You’ll recall that ForgeRock (where I work) launched the OpenIDM project back in October. One of the key control points in enterprise software is the provisioning or IDM software. It’s the point all the threads of directory, authentication, authorisation and provisioning come together and it’s the part that the proprietary vendors are least willing to surrender to that great deposer of control points, community-based open source software.
It’s already stimulated a great deal of interest and we already have a number of customers for it. We realised it needs a great engineer to act as ForgeRock’s lead architect for OpenIDM. So I am delighted to say that, starting today, Andreas Egloff is joining ForgeRock as Chief Architect, OpenIDM. Andi headed up OpenESB development at Sun and was the force behind the Fuji project that was creating its successor. His skills in identity management in general and in identity oriented enterprise middleware will be crucial in helping the OpenIDM project evolve quickly yet with architectural integrity.
Having Andi join the team rounds out an amazing first year wonderfully – welcome, Andi!