

Thursday, March 25, 2010

XACML with ExistDB Integration

I was recently asked about Exist DB support for PicketBox XACML (formerly JBossXACML) mainly to retrieve missing XACML attributes during policy evaluation. The question was asked by one of our beta testers of PicketLink (

We now have ExistDB integration support for our XACML Engine. You can read about it here:
PicketBox XACML Integration with Exist DB

I think storing XML files (policies) in an XML native database is a fine idea as long as it is a small set.

Wednesday, March 17, 2010

Enabling EJB Applications using PicketLink STS

Stefan Guilhen has worked on the integration of PicketLink STS with EJB Applications. He has written this great article on
"SAML EJB Integration with PicketLink STS"

Don't forget to check it out.

If you have questions/comments/concerns, use this forum thread here.

Friday, March 12, 2010

Internet is Freedom

An absolutely brilliant presentation by Lawrence Lessig on the topic of "Internet is Freedom" to the Parliament of Italy.

The "Internet is Here". It is not going away. Whatever we need to do to make it safe, we have to do.

Please do not forget to watch the entire episode. About 30 mins.

Wednesday, March 10, 2010

Oasis Identity In The Cloud Technical Committee

I am pleased to have ignited the establishment of a new Technical Committee called "Oasis Identity In The Cloud" at the Oasis standards consortium. Prominent security experts in the industry were gracious enough to participate in the initial brainstorming group I created.

You can read more on the charter here: IDCloud Charter

Apart from Red Hat, the proposers of the TC include Microsoft, IBM, CA, Novell, Rackspace, SafeNet, Yaana Technologies along with a few prominent individuals in the security/identity space. I am sure the proposer list will grow in a few days.

If you are an Oasis member or your company is an Oasis member, you should definitely look at joining this effort.

More details and a call for participation will be announced by the Oasis consortium in a few days.

Keywords: Oasis Cloud Security.

UPDATE: The Oasis Call For Participation is here.

Monday, March 8, 2010

Is OpenSSO alive?

Reading Rich Sharples' post and also this post saying Oracle kills OpenSSO Express, I am left to wonder if OpenSSO as an open source project is alive. Let me ping Pat Patterson and see if he knows anything.

It is always sad to see any open source project unplugged from the community.

I do hope the majority of the migrations from OpenSSO adopt our open source project called PicketLink, rather than adopt some commercial solution. At PicketLink, we have striven hard (yeah, really really hard) to keep things as simple and nimble as possible.

Info on PicketLink v1.0.2.

Friday, March 5, 2010

Project PicketBox (Security for Java Applications)

I would like to introduce you to Project PicketBox, a security framework for Java Application developers.

Project Page: PicketBox

What does it provide?

An API that can provide the following security features:
* Authentication using JAAS.
* Authorization (Coarse Grained and Fine Grained).
* Audit
* Security Mapping.

What is the latest version?

Latest version for download is 3.0.0.Final.
Since PicketBox is derived out of "JBoss Security" v2.0 code base, we have chosen to start with v3.

Where can I read the documentation?

You can read it here: PicketBox Overview

Does it provide annotations?

Yes, it does provide Security annotations. (PicketBoxSecurityAnnotations)

Who is planning to use PicketBox?

* The Seam Development team has immediate plans to use PicketBox for Seam v3.
* PicketBox will be available in JBoss Application Server v6.0 M3 and beyond.