Ⓕ OpenIDM Design Summit Announced

One of the key control points in enterprise software is the provisioning or IDM software. It’s the point all the threads of directory, authentication, authorisation and provisioning come together and it’s the part that the proprietary vendors are least willing to surrender to that great deposer of control points, community-based open source software.

When ForgeRock (where I work) got started, some companies who had been promised an open source IDM by a vendor who then reneged on the promise asked if we’d join them building one. After about nine months collaborative work, the result was the OpenIDM project, for which ForgeRock announced support back in October.

That wasn’t the end of the process of course, and the pace is being maintained. I’m delighted to see that the emerging community is organising an OpenIDM Design Summit in two weeks in Oslo (January 26-27), both as a meeting point for the developers building it and as a meeting for the developers and businesses deploying it (mainly in Scandinavia at the moment, but the meeting will be in English). ForgeRock is providing the facilities and the agenda looks very interesting.

Ⓕ ForgeRock: Announcing OpenIDM

You’ll recall that we started ForgeRock near the start of 2010 to provide continuity for customers of Sun’s enterprise identity middleware products and from that to establish a new ISV creating an identity-oriented application platform, all as open source software. So far we have rehosted OpenSSO in the OpenAM project, and rehosted OpenDS in the OpenDJ project. Demand has been strong and we’ve established a diverse international customer base already, after only 9 months.

Today at GOSCON in Portland we have announced that we’ve taken the new step of releasing a completely new project. We felt there was no strong open source identity provisioning project, so we have launched OpenIDM and released full source code (under CDDL for compatibility with OpenAM and OpenDJ). As with the rest of ForgeRock’s business, there’s no lock-in, no “open core” upsell – just great software with passionate and skilled subscription services and a global network of partners.

OpenIDM’s architecture is uniquely flexible and developer-friendly. It is lightweight yet through a modular architecture enables a hybrid model of storing entitlement-carrying attributes for certification, audits and compliance. OpenIDM is fully open source and relies on well-established, proven components such as the workflow engine from OpenESB and the Identity Connector Framework (ICF), which allows connectivity to a large number of resources such as OpenDJ, Active Directory, SAP and more. ForgeRock can provide subscriptions now to customers requiring assistance with evaluations, proof-of-concept or migration projects.

There’s more about it in the press release and on the OpenIDM web site.

★ Rehost And Carry On

Revised version of British wartime poster, found on Wikipedia

T-Shirts Now Available!

I spent the last two days in Brussels with many of the key participants  in the OpenESB Community. OpenESB is a large software subsystem that conveniently allows all kinds of applications to communicate with each other across networks. It was created by Sun, but since the Oracle acquisition has, as the former Sun project leader (now at Google) wrote eloquently, languished in the decline reserved for projects with important customers which are nonetheless no longer wanted. There’s the soft sound of footsteps backing away to leave it in splendid, unannounced isolation.

The community around OpenESB is actually fairly active, and they (or, as it includes ForgeRock where I now work, perhaps I should say “we”) want OpenESB to stay around. But what do you do if the project is hosted somewhere under the control of a disinterested party? There’s no huge crime or disagreement to “justify” a fork and the code is still out there, but on the other hand any new plans really will need the source and the community presence hosted in a way that allows the interested parties to change and improve things without having to wait for weeks to get replies to requests and risk having them declined if they are deemed inconvenient.

That’s why the topic under discussion is not forking – the remaining community is not divided – but rehosting. That’s also how I would characterise what ForgeRock has done with OpenAM (formerly OpenSSO) and OpenDJ (formerly OpenDS). No conflict, no malice, just a desire by the remaining community to carry on in the aftermath of the main sponsor backing silently away.

[An expanded version of this post can be found on ComputerWorldUK]

☆ New ventures: OpenDJ, FossAlliance

Friday was a busy day full of news for me. After an exhausting day full of conference interventions on Thursday at Open World Forum (a total of five), Friday was the day that I was free to announce both OpenDJ and FossAlliance.

OpenDJ from ForgeRock

OpenDJ is the next addition to our product family at ForgeRock. It is a highly scalable directory server written entirely in Java. It deploys easily into any Java EE application server, is fully LDAP compliant and is rich in features. It meshes beautifully with our OpenAM access management, federation, authentication and authorisation server. It’s entirely open source and may be freely deployed with the confidence that ForgeRock have subscriptions available when needed.

If it sounds familiar, it may be becuase it is based on the OpenDS project Sun used to work on. My old colleague Ludovic Poitou has joined ForgeRock to look after it for us, and I am keen to see a co-developer community grow around it in addition to the substantial deployer community that is now free to migrate from OpenDS to OpenDJ. There’s plenty more about it in the press release and FAQ.

Open Source Consulting from FossAlliance

On a more personal note, over the last few months I have received more and more requests for advice and help from a range of organisations. I’ve joined with several trusted long-term friends to form a consulting alliance for and about free and open source software, called FossAlliance. It provides a “one stop shop” delivering a full range of help, from training to strategic consulting, policy-setting, migration, community engagement and everything else in between – even marketing. We’re able to deliver these services through our alliance of companies, carefully balanced to deliver the full range of engagements.

I’ve also received a large number of speaking engagement requests and now work with a facilitator to arrange engagements. Hopefully these changes will help make life smoother without affecting the building momentum.

⚐ Gosling Webcast

Duke, the Java Mascot, in the waving pose. Duk...

Image via Wikipedia

Next week JavaZone, the conference that brought you Lady Java and Java Forever will be held in Norway. To celebrate the opening of the new ForgeRock Norway office, we’ve arranged for a party just before the conference starts, on Tuesday evening. If you are in Oslo and would like to attend, please send an RSVP to the address on the web site.

As part of that, James Gosling and I will be “beaming in” via webcast to give short talks and maybe even answer a few questions. If you’d like to join the webcast (using DimDim), please register on our website.

Ⓕ First Post!

Today is a significant milestone for the new venture I’m helping, ForgeRock. We’ve announced availability of our first full independent release of OpenAM, the open source authentication and access management system. If you look at the release, you’ll see it’s a significant update, with SAML2 support, fine-grained authentication controls and a host of other improvements.

It’s significant for open source because it signals that the OpenAM community – especially the part on ForgeRock’s own team – is up to speed maintaining and evolving the code and that the transition from its former home is going well. And it’s important to OpenSSO customers because it finally gives them a smooth upgrade path from the version 8 of Sun’s old OpenSSO product, which most of them are using.

My congratulations go out to the whole community for their work, but especially to the ForgeRock team who have been working flat out to make it happen – especially Steve, who really deserves a break! Great job, everyone!

%d bloggers like this: