This blog is a personal book of Security/IDM related thoughts/opinions. The blog posts are a personal opinion only and reflect neither the views of current/past employers nor those of any OTHER person living/dead on this planet.
Friday, February 27, 2009
JBoss Identity 1.0.0.alpha2 released
==================================OUTDATED===========================
Please check: http://www.jboss.org/community/wiki/JBossIdentityFederation
for the most recent updates.
It gives me pleasure to announce the next iteration of JBoss Identity. The new version is 1.0.0.alpha2.
You can download the binary in zip format for either JBoss Application Server or Apache Tomcat from here:
http://www.jboss.org/jbossidentity/downloads/
The documentation in zip format contains a User Guide as well as a Developer Guide.
What does this contain:
a) An IDM component (1.0.0.Alpha2), driven by Bolek of JBoss Portal, that provides an API/Model for your Identity needs in your applications.
b) Identity Federation component (v1.0.0.alpha2) that has the following:
- SAMLv2 based Web Browser SSO. (HTTP/Redirect Binding)
- SAMLv2 based Web Browser SSO with XML Signature Support.
- SAMLv2 based Web Browser SSO with XML Encryption Support.
c) Latest version of JBoss XACML component for Oasis XACML v2 support. (v2.0.3.CR1)
Developers who are interested in adding SAML support to their applications can use the API mentioned in the Developer guide.
All you need to do is unzip the distribution in JBAS or Tomcat. Please follow the User Guide for more information.
If you have any questions, please use the User Forum.
Please watch for more information on this wiki: http://www.jboss.org/community/docs/DOC-13254 (we will certainly provide more information here based on feedback).
Wednesday, February 25, 2009
IDTrust: Security in Java Applications
In this vein, I created a project some time ago called IDTrust, but only recently released a jar. You can use it in your standalone applications (provided you download the dependent jars as mentioned in the wiki below).
You can get more info at this wiki page:
https://www.jboss.org/community/docs/DOC-13374
Please use the User Forum to communicate/critique it.
I know there is still work to be done from my end. Your feedback/questions will make the road smoother. :)
Wednesday, February 4, 2009
Kerberizing Web Identity and Services
You can look here.
In my view, the span of Kerberos in terms of trust is limited to the footprint of the KDC. But this new proposal highlighted in this picture utilizes various other forms of trust identifiers to go along with Kerberos.
Monday, February 2, 2009
JBoss Identity Community Platform 1.0.0.alpha1 released
I am pleased to announce the 1.0.0.alpha1 release of the "JBoss Identity Community Platform" for your Identity Management needs.
The project URL is:
http://www.jboss.org/jbossidentity
The JBoss Identity Community Platform contains the following:
a) An Identity Management Framework under the IDM subcomponent. Description is available from Bolek's thread:
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=149355
IDM provides management of identities (Identity, Attributes, Roles, etc., with various plug-and-play Identity Stores).
b) An Identity Federation project that provides federated identity capabilities including SAML v2 based Web SSO.
UserGuide: http://www.jboss.org/file-access/default/members/jbossidentity/freezone/guides/identity-fed/UserGuide/pdf/UserGuide.pdf
DeveloperGuide: http://www.jboss.org/file-access/default/members/jbossidentity/freezone/guides/identity-fed/DeveloperGuide/pdf/DeveloperGuide.pdf
Apart from Web SSO, advanced support includes XML Signature support for trust management and an object model for SAMLv2 and WS-Trust to develop federated identity based applications/services.
c) XMLKey project that provides key management capabilities based on W3C XKMS v2 and Oasis Symmetric Key Management. This project currently provides an object model and unit tests displaying the use of the object model for key management. Some additional work is pending for this project.
The community platform can be enhanced with functionality from:
1) JBoss XACML project that provides fine grained authorization using Oasis XACML v2.0 standards. Remember for alpha1, you will need the 2.0.3.alpha release of JBossXACML (pick the jars from http://repository.jboss.org/maven2/org/jboss/security/jboss-xacml/2.0.3.alpha/jboss-xacml-2.0.3.alpha.jar and http://repository.jboss.org/maven2/org/jboss/security/jboss-sunxacml/2.0.3.alpha/jboss-sunxacml-2.0.3.alpha.jar )
2) JBoss Negotiation project that provides desktop SSO using SPNego/Kerberos for your web applications. (http://anil-identity.blogspot.com/2009/01/jboss-kerberosspnego-support.html)
Even though this is an announcement for an alpha version of the community platform, we are working aggressively on this project and we solicit and welcome questions/feedback/contributions from the community. Please stay tuned for frequent announcements of releases in this project.
Acknowledgements:
I would like to acknowledge Bolek from the JBoss Portal project for the excellent work on the IDM framework. I also thank Darran for the work on JBoss Negotiation. I also thank Mark Little, Sohil, ThomasH, Stefan, Jeff, TomB, Marcus, MikeBrock, Mark Proctor, Greg Hinkle, Charles and others for the support/feedback.
Reference:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4206426
FAQ:
1) Why the name "Community Platform"?
It is a selected set of projects/technologies/standards that will cater to the community's identity management needs.
2) What about the other profiles of SAMLv2?
We wish to have a feedback cycle with the community to understand the needs and use cases. You can certainly vote on the profiles with your use case information here:
https://jira.jboss.org/jira/secure/IssueNavigator.jspa?reset=true&pid=12310640&status=1
3) How can I get in touch with the developers of this project?
Register for the jboss-security-beta mailing list at
https://www.redhat.com/mailman/listinfo
or use the forum at http://www.jboss.com/index.html?module=bb&op=main&c=32
Survey: JBoss with Kerberos/SPNego.
announced the release of 2.0.3.GA of JBoss Negotiation which will allow desktop SSO for web applications deployed on JBoss Application Server.
I have created a survey at http://anil-identity.blogspot.com (look at the left hand column) to get a sense of what your usage/requirements are. As always, keep the comments/questions flowing in.
Call for Papers: RH Summit/JBoss World 2009
===============================================================
http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20090202005170&newsLang=en
Red Hat Opens Call For Papers For Red Hat Summit And JBoss World 2009
RALEIGH, N.C.--(BUSINESS WIRE)--Red Hat, Inc. (NYSE: RHT), the world's leading provider of open source solutions, today announced that the call for papers is now open for the fifth-annual Red Hat Summit and the fourth-annual JBoss World. Both events are co-located at the Chicago Hilton, and will take place Sept. 1-4, 2009.
The 2009 Red Hat Summit and JBoss World will provide business decision makers, engineers, developers and community enthusiasts insight into the latest open source advancements in Red Hat solutions and JBoss Enterprise Middleware technologies. A comprehensive agenda allows attendees the unique opportunity to move between both conferences, and experience technical and business seminars, hands-on labs and demos, customer case studies, networking opportunities, partner displays and visionary keynotes.
Submissions are being accepted for the 2009 Red Hat Summit in the following categories:
- Red Hat Enterprise Linux and Infrastructure: Tell us how the Red Hat Enterprise Linux platform and related infrastructure solutions, including applications, and virtualization helped to improve security, performance and generally helped with optimization.
- Open Source: Present topics meant for building on the discussion of the current issues and future opportunities facing open source advocates -- the meaning of open source, how it's changing the software world and its effect on businesses, governments and society. Topics may include intellectual property, collaboration, best practices, Creative Commons and licensing.
- Emerging Technologies: Present your views and information about projects and technologies focused on the future of open source and Linux, where the Linux platform is being extended today and discussions on Linux and related open source technologies and projects from a long-term perspective.
- Business Perspectives: Share knowledge with others who will discuss the value that Linux and open source bring to organizations, business trends, Red Hat partner programs and ways open source technology can help solve business problems.
- Carving out Costs: Pass on experiences of ways to reduce overall IT costs through deployment of open source and Linux technologies, extracting more value out of existing systems and increasing competitive advantage.
Submissions are being accepted for the 2009 JBoss World in the following categories:
- Emerging and Next-generation Technology: Tell us how you are using and/or extending JBoss technologies to solve real business-IT problems today. Suggested topics include how you are leveraging existing JBoss runtimes and frameworks in conjunction with other development frameworks, emerging APIs, new standards, cloud computing paradigms, etc. to create the rich Internet applications and services that deliver new heights of functionality.
- SOA & BPM: Tell us how you are using JBoss runtimes and frameworks along with other technologies, standards, and best practices to reduce business process friction and shift your organization to a service-oriented architecture. Suggested topics include how you got started on the path to SOA, solutions that increased the efficiency of business processes, and/or solutions that increased your ability to rapidly reuse and update services.
- Optimize, Secure, & Manage: Tell us how you optimize performance, meet service level agreements, and ensure a secure, stable production environment for your JBoss applications. Share with us the best practices and technologies your IT administrators use to consistently meet and exceed line of business and end user expectations.
- Migration: Tell us how and why you successfully migrated applications to JBoss Enterprise Platforms. Include your porting strategies and best practices, as well as the business impact of switching to JBoss Enterprise Platforms throughout your middleware architecture.
- Enterprise Insights: As a Senior IT Leader, you are tasked with navigating business trends and IT industry developments to lead your IT organization to meet and exceed its goals. Tell us how the emergence and continued maturation of open source software have shaped the way you think about enterprise IT and computing, and what role JBoss Enterprise Middleware plays in helping you meet your goals.
- Carving out Costs: Tell us how you are leveraging JBoss Enterprise Middleware to reduce overall IT costs, extract more value out of existing systems, and increase your competitive advantage.
“By combining the Red Hat Summit and JBoss World in 2009, our customers, partners, and community activists will have a broader opportunity to share, network, and further explore open source technologies,” said Paul Cormier, executive vice president and president, Products and Technologies at Red Hat. “Presenters will have a distinct opportunity to share innovative topics with both the infrastructure and middleware communities that will provide exceptional value to all attendees.”
The 2009 Red Hat Summit and JBoss World call for papers closes on March 9, 2009. For more information on the call for papers, to make a submission, or for sponsorship activities, visit either www.jbossworld.com or www.redhat.com/promo/summit/2009/.
About Red Hat, Inc.
Red Hat, the world's leading open source solutions provider, is headquartered in Raleigh, NC with over 65 offices spanning the globe. CIOs ranked Red Hat as one of the top vendors delivering value in Enterprise Software for five consecutive years in the CIO Insight Magazine Vendor Value survey. Red Hat provides high-quality, affordable technology with its operating system platform, Red Hat Enterprise Linux, together with applications, management and Services Oriented Architecture (SOA) solutions, including JBoss Enterprise Middleware. Red Hat also offers support, training and consulting services to its customers worldwide. Learn more: http://www.redhat.com.
Forward-Looking Statements
Certain statements contained in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. Forward-looking statements provide current expectations of future events based on certain assumptions and include any statement that does not directly relate to any historical or current fact. Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: risks related to the integration of acquisitions and the ability to market successfully acquired technologies and products; the ability of the Company to effectively compete; the inability to adequately protect Company intellectual property and the potential for infringement or breach of license claims of or relating to third party intellectual property; risks related to data and information security vulnerabilities; ineffective management of, and control over, the Company's growth and international operations; adverse results in litigation; and changes in and a dependence on key personnel, as well as other factors contained in our most recent Quarterly Report on Form 10-Q (copies of which may be accessed through the Securities and Exchange Commission's website at http://www.sec.gov), including those found therein under the captions "Risk Factors" and "Management's Discussion and Analysis of Financial Condition and Results of Operations". In addition to these factors, actual future performance, outcomes, and results may differ materially because of more general factors including (without limitation) general industry and market conditions and growth rates, economic conditions, and governmental and public policy changes. The forward-looking statements included in this press release represent the Company's views as of the date of this press release and these views could change. 
However, while the Company may elect to update these forward-looking statements at some point in the future, the Company specifically disclaims any obligation to do so. These forward-looking statements should not be relied upon as representing the Company's views as of any date subsequent to the date of the press release.
LINUX is a trademark of Linus Torvalds. RED HAT and JBOSS® are registered trademarks of Red Hat, Inc. and its subsidiaries in the US and other countries.
Contacts:
Red Hat
Jess Gerber, 919-754-4210
jgerber@redhat.com