Oracle Shuttering OpenSSO

mdm42 writes "OpenSSO is one of the best open source web Single Sign On projects out there. Sun Microsystems made OpenSSO open source in 2008, so it's sad to see how, after absorbing Sun, Oracle is shutting down this amazing project, labelling it 'not strategic' and dismembering the few parts they think are worthwhile for their own SSO effort. They started by freezing the next express release, and during the last few weeks they have been removing all the open source downloads from the OpenSSO website and removing content from the wiki. Fortunately, a Norwegian company called ForgeRock has stepped up to the plate in an attempt to salvage the project under the new name OpenAM."

MySQL next?

[Bearhouse]

Sadly, probably yes...

Re:MySQL next?

[Locke2005]

Why so sad? This only proves that you can't kill an open source project; any worthwhile project will have someone else pick up the development, with or without forking it. If Sun attempts to "kill" MySQL, somebody else will pick that up too. Sure, repurposing the paid developers formerly working on the project is a real loss to the project, but not a fatal one.

Re:MySQL next?

[seebs]

Gee, if only we had PostgreSQL doing just fine as an alternative, then I wouldn't mind so much if MySQL went away.

Re:MySQL next?

[sadov]

Apropos -- Oracles acquisition of Sun for russian regional representations approved by russian Federal Antimonopoly Service of the Russian Federation at 19 March.

The main condition of this approvement -- 4 years of MySQL support & development and saving of Open Source status of this project.

You may found this verdict at agency site (unfortunately only on Russian now ;) :

http://www.fas.gov.ru/merger/decisions032010/a_29515.shtml

Re:MySQL next?

[dgatwood]

And don't forget Ingres, SQLite (which is good enough for a lot of low-bandwidth stuff that MySQL has historically been used for), Drizzle (MySQL fork), and probably at least a half dozen others....

Re:MySQL next?

[seebs]

Yeah. sqlite is AMAZING.

pseudo (my project for a thing like fakeroot, only more bulletproofed) uses sqlite as its backend, and it's been a dream to work with.

Re:MySQL next?

[WrongSizeGlass]

http://www.fas.gov.ru/merger/decisions032010/a_29515.shtml

I ran that link through Google Translator, and it came back with: "All your queries are belong to us" and "MySQL will be renamed OurSQL".

Re:MySQL next?

[BBTaeKwonDo]

Thankfully, not

Re:MySQL next?

Firebird DB is a very good and solid product.

Re:MySQL next?

[Pengo]

Yup. :) I have done a bunch of small pet projects w/my work using sqlite and it's been awesome.

For quick and dirty data-processing tasks, it's a god-send.

Re:MySQL next?

[the_womble]

The problem is with stuff that is already built on MySQl, and the availability of MySQL. All the low end CMSs use MySQL, so do quite a few big ones. ALl the cheap web hosts offer MySQL.

MySQL is also, IMO, easier to learn.

Re:MySQL next?

[Kagetsuki]

I hope they do. I have never liked SQL and MySQL has always been problematic for me. The company I work at has switched to Tokyo Cabinet for all our applications and it has been like a dream compared to MySQL. The fact that we can have heavy duty applications written in C/C++ and web applications bound up with Ruby all effiiently accessing the same database AND those applications are extremely easy to understand and were easy to write says a hell of a lot.

Of course I'm really not going to start liking Oracle regardless of what they do with MySQL; in fact I can't remember ever liking Oracle or finding anything they offer attractive. On top of that the fact they are being straight up dicks with SUN (some of SUN's stuff I really do/did like and I really wish Java had kept up and prevented Flash from ever taking off). Can anybody even offer an argument for why we should support Oracle? What do/did they do that is good?

Re:MySQL next?

Sadly? Perhaps it'll force people to use a proper database like Access or SQL Server.

Re:MySQL next?

[newdsfornerds]

Isn't there already a non-Snorcle fork of MySQL?

The Sun Also Sets

[WrongSizeGlass]

Another nail in the once proud legacy of Sun.

Re:The Sun Also Sets

Why can't Oracle just leave OpenSSO open source but no longer maintain it? Why the need to rename the project or software? I hope the management at Oracle and the former Sun roast in Hell.

Re:The Sun Also Sets

[WrongSizeGlass]

Because they want to monazite any parts of it they can pilfer. I used to refer to this practice as 'Frankensteining', but when it comes to Oracle I don't want to tarnish the good name of Frankenstein.

Re:The Sun Also Sets

Because they want to monazite any parts of it they can pilfer.

They want to mine rare earths from their software?

Re:The Sun Also Sets

[WrongSizeGlass]

D'oh! Damn Apple's autocorrect ...

Re:The Sun Also Sets

[plover]

Is it? Or is OpenSSO simply inconsequential?

I've never understood the appeal of SSO solutions. Joe Sixpack doesn't give a damn. It's never been made simple enough for him to "get". A handful of geeks may think it's awesome. But the rest of the real world doesn't care.

Snoracle is probably totally safe with this.

Re:The Sun Also Sets

Joe Average in my organization sure cares. All the constant bitching about having to to enter usernames and passwords for everything on our network has completely gone away since we implemented an SSO solution for it all. Maybe the average home user doesn't care, but it's extremely naive to say that most people just don't care about SSO. They do. Even if they don't know it.

Re:The Sun Also Sets

[mobby_6kl]

Yeah, I'll second this. We thankfully have an SSO solution at our company, and everybody seems to love it. I'm myself not an "average user", but even I would probably kill myself in short order if I had to manually enter my credentials every time I accessed on of our internal systems. And not only it's more convenient, it's also probably more secure, since users don't need to have a bunch of post-it notes with passwords stuck to their monitors.

Re:The Sun Also Sets

[Tacvek]

Most SSO in organizations I've ever seen seem to work by connecting the user directory to Kerberos, and use that for authentication to everything. Depending on how well IT department set up token forwarding, you may need to enter your credentials to access many systems, but everything in the company, from signing into the Windows Domain, to authenticating to the database uses Kerberos, so you have exactly one password to remember.

Re:The Sun Also Sets

It's not really *single* sign-on if you have to enter credentials more than a *single* time, regardless whether it's the same credentials or not. We have real SSO, where you login once (usually into the active directory) and then are automatically authenticated for most everything else, including all our internal webapps.

Standardizing all the authentication (so there was a single password), was our first step in moving towards a complete SSO implementation.

Re:The Sun Also Sets

I agree - SSO is nice when it's done properly. But unfortunately, I work for Oracle.

And Oracle has what ~they call an SSO~ for most of their internal stuff, but it isn't really. I.e. it's the same credentials but you have to separately enter them on every freaking page. Webmail? Enter your SSO. Procurement? Enter your SSO. Timesheets? Changing your employee details? You get the idea.

What's worse is that on top of this there's still a handful of systems that don't use the SSO, like the IP phone consoles and the teleconferencing solution they have.

Re:The Sun Also Sets

[Eskarel]

Why because Oracle canned a crappy Single Sign on Product which pretty much only integrated with Sun's other equally shitty server products?

I love Java and I love the standards which Sun developed to create it, but Sun's implementations of their own standards are pretty shocking. That's a lot of the reason they tanked in the first place.

Re:The Sun Also Sets

Is it? Or is OpenSSO simply inconsequential?

I've never understood the appeal of SSO solutions. Joe Sixpack doesn't give a damn. It's never been made simple enough for him to "get". A handful of geeks may think it's awesome. But the rest of the real world doesn't care.

Snoracle is probably totally safe with this.

OpenSSO is not inconsequential IMHO - it is still one of the market leaders according to Gartner, and has a wide deploy base.

As for Joe Sixpack not giving a damn about SSO, that's the whole point. The user doesn't have to think about having access to 40 systems with the same username/password in a single session. The rest of the world uses SSO more and more, just look at making comments on a blog being identified by your current Google login because there is an OpenID integration - perhaps running on OpenSSO...

Re:The Sun Also Sets

[Tacvek]

Fair enough, but Kerberos can be used as the basis of real SSO if done right. For example, Firefox, shh, and many other utilities can be configured to forward Kerberos tokens to avoid needing to sign in to the remote machine. Window's own AD based Domain architecutre allows access to other Windows machines without authenticating even if Kerberos was not configured, so that will not need multiple sign ons.

If done right, one would not need to sign in more than once unless doing something really unusual. If one is doing something really unusual, a second sign-in is not a very onerous requirement.

This is the way of MySQL too?

[Z00L00K]

This may be a test to see if they get attention for shutting down an open source project they inherited in order to also in the long run do the same to MySQL and possibly also other OpenSource projects.

Re:This is the way of MySQL too?

[PFAK]

Well, considering, there is no official announcement from Oracle that they are pulling OpenSSO from their product lineup. This article/blog entry is mere speculation.

Re:This is the way of MySQL too?

[BitZtream]

Or it could be that no one actually gave a shit about OpenSSO outside a very small group of people.

Its funny that everyone assume Oracle is being evil when a simple bit of common sense makes it pretty clear that its a waste of resources from pretty much every perspective to Oracle.

Re:This is the way of MySQL too?

[NeutronCowboy]

Just like MySQL? I can't see the business case that will cause Oracle to keep MySQL around. A low-end version into the DB market? Just slap a few limitations on an actual Oracle DB, and presto - low-end version with a trivial upgrade path to "the real thing."

Re:This is the way of MySQL too?

As a Snorkel employee (Sun->Oracle) I'll add a simple comment. If it isn't profitable or strategic, it will be shuttered or turned loose to the community to support. It is *as simple as that*.

Re:This is the way of MySQL too?

[Chyeld]

Information on the Wiki being removed, all of the 'opensource' versions removed for download, all updates to the same removed, leaving only the pay "enterprise" version avaliable?

Let me guess, in a previous life you worked in Baghdad handing press announcements concerning the Allied troop advances for the Iraqi government.

Re:This is the way of MySQL too?

[Kjella]

Reality check: Nobody buys a company and just carries on because unless it was really mispriced in the market, you've gained nothing. You might as well have put the money in a stock fund. In closed source companies this means projects get canceled, reprioritized, product portfolios are aligned and they search high and low for the claimed synergies they were supposed to get. What happens in open source companies? Exactly this same. There's been quite a few of these stories now and they're all full of trivial projects and tin foil hat conspiracy. I just checked Digg and THEY got better stories than this. I'm quite the geek but still... stuff that matters. Or is at least cool, interesting or funny in a nerdy way. But not "Minor corporate politics" for 100$, I'll pass Alex.

Re:This is the way of MySQL too?

[copponex]

The information asymmetry involved in technology make it a very lucrative place to be. A vast majority of people don't understand the differences between Windows and Linux, much less the difference of open and closed source.

Oracle is determining what parts of Sun are profitable, and planning to abandon the parts that are not. The abandonment of unprofitable Sun products will be touted as their commitment to open source. The privatization of Sun products will be touted as their commitment to innovation, or some other meaningless phrase.

If it makes you feel any better, that was also the policy of Sun. And Microsoft. And Apple. If you are ever on the wrong side of a profit equation for a company, you will be screwed. This is as certain as death and taxes.

Re:This is the way of MySQL too?

Well, considering, there is no official announcement from Oracle that they are pulling OpenSSO from their product lineup. This article/blog entry is mere speculation.

No, not "speculation", rather "observation".

Re:This is the way of MySQL too?

[DMUTPeregrine]

This is the first time I've heard of OpenSSO. Now, I'm not a web developer, but isn't OpenID much more popular as a SSO service?

Re:This is the way of MySQL too?

The low-end (and free) version of Oracle is called Oracle XE. It supports just one cpu and has other limitations.

Re:This is the way of MySQL too?

Which is why you probably aren't a business man. MySQL still has plenty of people who are loyal to the MySQL brand and will continue to use it, whether it's Sun or Oracle who's owning it. Anyway Oracle already has a version of their database you can use for limited use.

Re:This is the way of MySQL too?

They already had that - remember Oracle 10 XE? It was free for production use, although limited (single processor, RAM limit, etc.). I suspect it didn't generate enough low-end market penetration. There is a huge installed base of MySQL. If Oracle can enhance MySQL with good migration tools (one-way, of course), then they potentially have a much greater strategic advantage than simply providing XE versions of Oracle.

- T

Re:This is the way of MySQL too?

[dgatwood]

Actually, the fact that Oracle is slashing and burning stuff immediately after an acquisition seems like a pretty good indication that this really wasn't the S.O.P. for Sun, which may explain why they had to accept a buyout to stay afloat....

Re:This is the way of MySQL too?

Nonsense.

Which is why you probably aren't a business man.

If people are only using MySQL for the brand, then they don't give a damn whether it's a restricted version of Oracle branded as MySQL.

Re:This is the way of MySQL too?

You are clearly unqualified to comment on the significance of OpenSSO in the federated identity management marketplace. This is a hugely important nascent market, and Oracle's decision to shutter OpenSSO has nothing to do with OpenSSO's insignificance - quite the contrary. Buying Sun in order to eliminate such competition was very much one of Oracle's primary considerations, and you are either completely ignorant or intentionally misrepresenting the facts for your own ulterior motives to say something so completely off-base.

Re:This is the way of MySQL too?

The closet thing in the stable to MySQL is OracleLite and that hardly qualifies as it is a different market completely. Besides, they already bought a lot of the bits to add to MySQL before they got Sun :)

Re:This is the way of MySQL too?

[petermgreen]

I don't think it's the brand that brings people to mysql. You can't just drop in replace one DB with another in most cases.

IMO there are a few reasons people use mysql
1: it's free (as long as you don't try to link it into a commercial app)
2: it's included with almost every linux distro and linux based webhosting package
3: nearly all webapps are built to work with it.

IMO the most sensible thing to do would be to stagnate but not kill mysql while at the same time using code from mysql to build a mysql compatible interface to oracle and a tool for migrating data from mysql to oracle.

Then they can push that as a soloution for those who have outgrown mysql.

IMO if oracle kills mysql the users are far more likely to migrate to either a mysql fork or another FOSS database than they are to a light edition of oracle.

Re:This is the way of MySQL too?

At least there's still OpenID.

Re:This is the way of MySQL too?

[glwtta]

Hopefully.

Re:This is the way of MySQL too?

[styrotech]

OpenID is not an SSO service. It is more like an authentication protocol and somewhat orthogonal to something like OpenSSO.

eg here is an OpenID extension for OpenSSO:
https://opensso.dev.java.net/public/extensions/openid/

Re:This is the way of MySQL too?

[fm6]

Funny thing, Oracle seems to see business cases where other people don't. They bought RDB, SleepyCat, InnoDB, all of them database products that have zero synergy with their existing database. All have flourished under Oracle; in the case of RDB (which was originally for the VAX, and still only runs on HP's DEC legacy platforms), Oracle's support is the only thing that has kept the product alive.

Whenever Oracle acquires another company, there's always somebody claiming that they bought it just to shut it down. (I kept hearing that about Sun, even the economics of such a move are absurd.) When it's a database application company, that's usually the consensus (as with PeopleSoft). And yet I can't recall the last time Oracle actually did that. Sure, they shut down useless blue-sky projects (and Sun has a lot of those) but the products that had any momentum at all tend to do quite well under Oracle.

This guy makes a business case for Oracle MySQL:

http://bit.ly/81x9t

Re:This is the way of MySQL too?

[Eskarel]

Well the issue is that Oracle doesn't scale down very well. All that power and all those features come at a pretty hefty price tag in terms of disk space, memory and CPU. According to the DBA guys, setting up a new Oracle instance at work takes about 10 GB of SAN space without even adding any data to it. Not the kind of thing you'd do lightly if you didn't need any of that power, even discounting cost.

Re:This is the way of MySQL too?

[fm6]

Oracle is determining what parts of Sun are profitable

Or potentially profitable. Sun has some good products that don't do as well as they might, due to inept management and marketing.

Re:This is the way of MySQL too?

(From TFL) Oracle might as well cannibalize themselves, then have someone else do it.

Yes, it wouldn't make any sense to do it only once, or in any other order.

Re:This is the way of MySQL too?

[terryducks]

oracle xe ?

Re:This is the way of MySQL too?

[multipartmixed]

A new Oracle instance takes up about a half a meg for control files and probably 30 megs for system tables et al. At least it did with version 8. I can't see version 11 having bloated to 10 GB, that's truly insane.

You're right about it not scaling down, though, and you missed the key resource: dollars. You can't put an Oracle db on a powerful webserver (at least not on Solaris) to say, serve up a few hundred web accounts for anything less a bajillion dollars. Unless they have changed licensing in the last few years, which is entirely possible.

It also requires more human resources to set up and plan - a real DBA - whereas your typical web monkey is plenty for MySQL.

Re:This is the way of MySQL too?

[Eskarel]

I only know what the DBAs quote me, I'm not a DBA and I have pretty much zero interest in being one. I do some database design for my application development role, and I can do basic administration for SQL server, but actually setting up Oracle is black magic as far as I'm concerned.

Re:This is the way of MySQL too?

[codegen]

My understanding is that OpenID is designed and coded to link public servers. Its not quite as useful for implementing a single sign on service to multiple services within a private organization. For example, openID supports users signing up and creating their own accounts, while in a enterprise system, you want to have control over creation of accounts, roles and access to resources.

Re:This is the way of MySQL too?

[badkarmadayaccount]

OT: Why can't I log in with a sf.net delegate of my google OpenID to /.?

Re:This is the way of MySQL too?

[00lmz]

IMO the most sensible thing to do would be to stagnate but not kill mysql while at the same time using code from mysql to build a mysql compatible interface to oracle and a tool for migrating data from mysql to oracle.

CREATE TABLE ... ENGINE=ORACLE would be a great April 1 joke.

Re:This is the way of MySQL too?

The costs of keeping the code and wiki available are trivial to a large company, yet they removed it. They aren't just abandoning OpenSSO, they tried to kill it quietly. It isn't really hard to see why people view the actions as evil.

Re:This is the way of MySQL too?

[Golthar]

Currently using OpenSSO on a product, I've seen that Oracle has removed more and more (now including the Wiki content it seems) from the project.
This is going to be one in a long line of project cancelations.

Re:This is the way of MySQL too?

[prezkennedy.org]

Do you actually use any Oracle products? Nothing about them is ever "trivial"!

Re: Maybe not

[colinnwn]

MySQL would be a very high profile project to kill. I think it is more likely they would provide much less support and engineering resources for it going forward, leaving it to the community outside of Sun to keep it feature and bug competitive.

Proprietary product, anyone?

[Night64]

Oracle is probably trying to leverage her own Identity Management product against IBM and Novell, who are kings on this market.

OSS FTW...

because it was OSS, it can be forked and survive. :)

Re:OSS FTW...

...or OSS FTL? If it had a viable business model behind it, they wouldn't be killing it off.

OpenSSO isn't trademarked by Oracle/Sun

[PFAK]

OpenSSO is not a trademark of Oracle/Sun, you can see a list of trademarks for Sun at http://www.sun.com/suntrademarks/

Re:OpenSSO isn't trademarked by Oracle/Sun

[Gerald]

It's not a registered trademark. You have plenty of rights over a mark even when you haven't registered it.

Re: Maybe not

[Bearhouse]

I think it is more likely they would provide much less support and engineering resources for it going forward, leaving it to the community outside of Sun to keep it feature and bug competitive.

Pretty much what I meant...but a fork surely won't be as credible with the corporate suits as a product with Sun behind it.
Shame, MySQL & Ooffice are both great products IMHO.
Maybe a white knight (with a Red Hat?) will take it over, but I'm sure if they're too successful than Larry will find a way to stymie it...

Re: Maybe not

[WrongSizeGlass]

oraclepleasedontkillmysql.com is still available ... I sure hope Oracle doesn't get it first ...

not strategic

[nurb432]

Well of course not. If it doesn't make Oracle money, it will be gone.

SPARC

[nurb432]

Will see the same fate.

Re:SPARC

[argoth]

Losing SPARC doesn't make much sense for Oracle. They already are closing down their x86 business and all the talk from them has been about investing in / focusing more on their SPARC (read more expensive) integrated system offerings

Re:SPARC

[david_thornley]

SPARC is strategic. It gives Oracle an opportunity to provide a whole hardware and software stack.

OpenAM?

[nycguy]

Isn't FOSSSSO so much more appealing?

Re:shuttering

You keep using that word. I do not think it means what you think it means.

Risks and Benefits of OSS

[olyar]

As much as this is a bummer, it's actually a great example of the OSS model at work.

If this was a closed source solution, where the company got acquired and the product wasn't strategic, the solution would just be gone.

With OSS though, another company - for whom the solution is strategic - can step in and pick up the project.

Re:Risks and Benefits of OSS

[BitZtream]

Yea, and pretty much any time some propritary software package is terminated, it is almost certainly available for sale to someone else so it can be taken over if its worth it to someone.

The reason it doesn't happen is because the projects that get cut are the ones that no one cares enough about to continue development.

The license of the software pretty much no effect on its ability survive, its worth to someone else does.

Re:Risks and Benefits of OSS

Not true.

Let me cite an example in the exact same market space: CA acquired Netegrity because they wanted SiteMinder even though they (CA) already had a web SSO product. In addition to SiteMinder (their main business) Netegrity had a provisioning product. After the acquisition closed CA shot their in house SSO product and shot Netegrity's provisioning product.

CA would never have even considered selling either product to anyone else at any price for two reasons:
* why compete with a product you created when you already own it
and
* it's better to migrate your existing customers on the "to be killed" product over to the strategic product than to sell them off along with the product you're killing.

This happens throughout the software industry every time there's an acquisition and some overlapping products. The acquirer decides which products will live on, which will be shot immediately and which will be put onto life support until customers can be gently moved off onto the strategic product.

The only difference here, as the grandparent says, is that someone can grab the code and resources and carry on.

Re:Risks and Benefits of OSS

[petermgreen]

Yeae. and pretty much any time some propritary software package is terminated, it is almost certainly available for sale to someone else so it can be taken over if its worth it to someone.
Bullshit

Buying out a propietry requires a substantial chunk of cash up front. So it's only an option if one of the following applies.
1: you are big enough to buy it out
2: you can convince another company that it's worth thier while to buy it out, take it over and sell you licences.
3: you can get enough of the community together to buy it out.

And even if you can get the money together the owner still has to be willing to sell. They may not be especially if they consider killing the project to be a strategic move.

Copying the code of an opensource project and setting up repositries OTOH is so cheap that anyone can do it. Minimal maintenance (accepting bugfixes, dealing with new OS releases etc) is some work but should be managable by a few interested users working together.

Good for them

[selven]

SSO is a pretty backwards way to do Open Source Software.

And why do I care?

What does this OpenSSO do for me that Kerberos doesn't?

If Oracle wants to do something useful with the Sun assets, they should kill off java. Java is an abomination upon the IT world. I have yet to see a well-written unbloated java app.

Case in point: RSA rewrote their entire SecurID one-time token server in java. What used to be a fast, nimble application that started within 15 seconds now takes 15 minutes to start. RSA recommends 60 gigs of free space. The previous version required 200 megabytes.

Re:And why do I care?

[longfalcon]

Oracle database is 100% Java?
Berkeley DB is 100% Java?
really?

Re:And why do I care?

[eric2hill]

Oracle database is not Java based, but does require Java as a key component of the system. Pretty much all of the admin tools are written in Java, but the core database is C++.

Berkeley DB is written in C and has API's available for C, C++, Java, and others.

There is also the Berkeley DB Java Edition which is pure Java.

Re:And why do I care?

[deniable]

Not the good ones. The core is still a good product. The java stuff they pile on top needs to die.

Scandinavians again.

[unity100]

please, those who have the tendency to batter me with hardliner conservative arguments in discussions, make a mental note - this is one of the cases i always give examples of success of social democracies, and how heavy regulation and keeping-in-check of corporations spurs innovation far more than the reckless corporate owned environment does. an american company, which lives in a land in which corporations rule, shuts down something useful, and that useful thing gets immediately salvaged by a company which lives in a land in which corporations are heavily kept in check and regulated. and again, another scandinavian country.

Re:Scandinavians again.

But didn't the innovation happened in the capitalist country?

Re:Scandinavians again.

[unity100]

are you aware of the number of open source projects that have been spawned in scandinavia, or greatly contributed to by scandinavia ? one of them is linux.

Re:Scandinavians again.

[spun]

Depends on whether you would call the UK circa 1970 a capitalist country or not. The inventor of the relational database was British.

Re:Scandinavians again.

are you aware of the number of open source projects that have been spawned in scandinavia, or greatly contributed to by scandinavia ? one of them is linux.

Another one is MySQL.

(And WTF is with the "Anyone who doesn't think corporate oligarchy is the cat's pajamas = Troll' mods?)

Ironic

[ritzer]

This has got to be the height of irony. Lamenting, a commercial entity is dropping a project that doesn't make money... But, isn't the beauty of open source related to the fact that those who care, can pick up the source and make it work? So, prove it.

Code still accessible from the CVS

[thetoadwarrior]

If you want the source you can get the info to obtain it from here http://wikis.sun.com/display/OpenSSO/CVS+Tags

I'm grabbing the source now.

Love it.

[toriver]

- Hi we are Sun and we have this portal. You want to buy a commercial license for it?
*buys*
*six months pass*
- Oh hi we decided to drop that portal and switch to this Liferay-based Webspace solution none of our techs really know anything much about?
*grumble*
*a year passes*
- Oh hi again, we were just bought by Oracle and will be abandoning Webspace, would you like to switch to this WebLogic-based monstrosity instead?
*curses*

That is in addition to the OpenSSO/IDM kerfuffle.

Is this the beginning of the end?

[boer+lee]

Another somewhat related open-source project has had no commits since January 25 http://www.opends.org/source/xref/trunk/

Here we go again

[realinvalidname]

Like I posted a few weeks back, /. needs to save a template to re-use each time they feel the need to write a story about a marginally-relevant, minimally-staffed, largely-forgotten Sun project that Oracle shuts down.

Re:Here we go again

marginally-relevant, minimally-staffed, largely-forgotten open source branch of a Sun project that Oracle shuts down, while retaining the actual project.

Fixed.

Re: Maybe not

[jhol13]

Why? MySQL is a goose laying golden eggs. Why would Oracle kill it?

They will charge for the support and engineering, just like Trolltech and Sun did.

Re:OSS FTL...

Faster Than Light, indeed

Re: Maybe not

[dimeglio]

Once you go opensource, you can't go back.

Jasig CAS - OpenSSO Alternative

[amasiancrasian]

Why not use Jasig CAS instead? Not that it will be any consolation that Oracle is trying to profit off its expensive SSO solution, but CAS is easy to implement with a Java and Ruby version available, and hundreds of universities are using them. We're a private business and we use CAS easily with phpCAS and RubyCAS-client. It's easy to use and implement, and systems such as PeopleSoft can easily be CASified. While it's sad OpenSSO is being discontinued, CAS is not an option likely to disappear any time soon. We strong recommend those considering replacing their OpenSSO system to move to CAS.

Re:Jasig CAS - OpenSSO Alternative

cas lacks proper SAML support, federations, connector for many web and application servers. If you used the old sun access manager or opensso you will see well that CAS is a toy.

Re:Jasig CAS - OpenSSO Alternative

[Simon+(S2)]

Why not use Jasig CAS instead?

CAS somehow forces an architecture on you. Other IAM proveders like OpenSSO do not, integrating with what you have without forcing you to adapt to what they propose.

Dollar value for open source assets

[Alan426]

Another way to look at this move is that open source projects have a significant dollar value, if for no other reason that the project may compete for market share with other products. One could certainly see the strategic benefit of supporting a "hard to kill" project to compete with a market leader. Now, we have an example of such a project becoming an acquisition target.

This is no different than a company which buys out their competitor for the purpose of "integrating" (e.g., shutting down) a competing product line. Luckily, unlike proprietary solutions, this project will fork back to the community and live on, albeit without Sun's corporate backing.

Source code history backed up?

[Simon80]

OpenAM appears to have simply imported a snapshot of the tree into SVN. Interested parties should probably back up the entire CVS history of OpenSSO using a tool like, for example, cvssuck, in before it is "unpublished".

What about Shibboleth?

[graphicartist82]

I'm surprised no one has mentioned Shibboleth. Shib is pretty popular in the higher-ed space. There is a bit of a learning curve when first playing around with it, but once you get it up and going, it's very powerful. It does more than just your average SSO by providing federated authentication across organizations while maintaining user security. The project page is at shibboleth.internet2.edu

Re:What about Shibboleth?

[goofy183]

Jasig CAS is another good Apache 2 licensed SSO system. Both it and Shib even include support for true N-Tier proxied authentication.

http://www.jasig.org/cas

Does that mean VirtualBox too?

Now that Oracle has its own VM solution...

OpenSSO will continue to live

[pfigura]

I've actually been involved with the OpenSSO project during the last 2 years or so, and I honestly don't think it will disappear at all. It had a very active and vibrant community which supported it, many of which have already made the jump to help ForgeRock.

On top of that, OpenSSO/OpenAM already has some terrific features. Its Agent interface is superb, the SAML engine is rock solid, FEDLETs are ahead of their time, and it even had a well documented API for integrating directly into your own application. That's not to say that OpenSSO didn't have room to expand (I found its STS service to be "finicky"), but I expect many of these issues will be addressed by ForgeRock.

I understand that Oracle already has it's own IAM suite, but I think dropping OpenSSO will be something that they regret.

OpenSSO is dead. Long live OpenAM!

Not strategic?

[Burz]

Do they want us to go from a situation where SSO in Windows is the standard on LANs, to SSO in Windows to Facebook or Windowslive servers becomes the standard in the Internet?

Because that is the direction that Microsoft is going in with what was Active Directory.

Oracle

[arrinam]

I'm new to Oracle and working in SQL plus. There are several old views that were created before my time. Top Grade Acai Extreme

Re: Maybe not

Why? MySQL is a goose laying golden eggs. Why would Oracle kill it?

Are you nuts? That fucker is full of GOLDEN EGGS!!! Haven't you heard of killing the goose that lays the golden eggs?

Geez, kids these days.

unfortunate naming

An unfortunate name choice. OpenAM translates to turkish as "Open Vagina"

Re: Maybe not

Give it 1-2 years, then it isn't as high profile any more. Support will dwindle with uncertainty, which is what will be as long as they have an obviously competing product (regardless of what they say)
Remember, they have made a 5 year commitment to "supporting" it - but there's no marketing plan other than to keep people in doubt with uncertainty.

I for one care

Damn it.

I work for a company that has their whole intranet and a great deal of their extranet build on Sun Portal Server. While the portal server itself is mostly crap, Access Manager (now called OpenSSO) is actually a great product. We had just a couple of very minor problems which were easily resolved in the last 6 years. We planned to either upgrade to Webspace or to maybe just keep OpenSSO and go for Liferay directly. There are a lot of managers who cry Sharepoint, Sharepoint but so far we were defending well and could keep that crappy thing out.

What I really hate here is that the Sharepoint faction will use this as an argument (Reason doesn't matter, FUD always works!). I see a lot of tedious discussions of how to proceed coming...

you get used to it

[unity100]

there are too many who have been brainwashed with american corporatism and deceived to believe that they too can 'make it big'.

Apache licensed alternative: WSO2 Identity Server

WSO2 has an Apache licensed identity and entitlement server that includes SSO.

Yeah sure.

You see? That is the problem with using your anecdotal eveidence and then making a statemtn based on that like if it was an undeniable fact.

In any company that is no longer small (I would say 10 people or more) having a password for every single application is simply not practical. Not only that, it is insecure.

Then what you do is looking for a central authentication solution paired with application configuration to control entitlements (not there is something fun but unsexy for the geeks: an entitlement architecutre to which any application could refer to).

If you don't do this then the "post-it" password creep becomes a real problem (eletronic password wallets are a band aid, you need a centralized version, hopefully with host authntication, to ensure that only people working in authorized machines can be authenticated).

The advantages for "Joe Six Pack" in the wider world are obvious, but since most people don't care about losing the password to their Twitter or Facebook accounts, then there is no push for personal computing to use SSO solutions.

But any complex organiztion is stupid if they are not considering this, that an open solution to this problem is struggling is a very bad thing indeed.

I'm sorry, what?

[Rysc]

Do I need to care about this at all?

I understand the value of SSO and all that stuff, but I can't say I'm an expert in the field. Can someone who knows something about SSO and OpenSSO give me an idea as to whether or not I should even care that OpenSSO has been killed?

Was it especially novel? Was it used by anybody? Did it work well? How does it compare to other, similar solutions? *Do we, the open source community, need this?*

Doubtful.

[NotBornYesterday]

Never underestimate the economic power of a vast user base, some of whom will buy support contracts, and perhaps upgrade to your flagship product in the future. OpenSSO didn't have a following (or upgrade path) anywhere near as large or lucrative, which made them vulnerable.

www.openssosupport.com

[sureshsamuel]

Everett (www.everett.nl) also supports opensso.

http://www.openssosupport.com/

Suresh Samuel

categories, regions and languages

[andreimarceanu]

Most of the directories are very general in scope and list websites across a wide range of categories, regions and languages. But there are also some niche directories which focus on restricted regions, single languages, or specialist sectors. One type of niche directory with a large number of sites in existence, is the shopping directory for example. Shopping directories specialize in the listing of retail e-commerce sites. Examples of well known, general, web directories are Yahoo! Directory and the Open Directory Project (ODP). ODP is significant due to its extensive categorization and large number of listings and its free availability for use by other directories and search engines. However, a debate over the quality of directories and databases still continues, as search engines use ODP's content without real integration, and some experiment using clustering. There have been many attempts to make directory development easier, such as using automated submission of related links by script, or any number of available PHP portals and programs. Recently, social software techniques have spawned new efforts of categorization, with adding tagging to their product pages. Directories have various features in listing, often depend upon the price paid for inclusion: Some web directory have : 23$ featured link or 12 $ regular link for life time ex: http://www.microsoftcompany.com/

Re: Maybe not

[dekemoose]

I don't see them killing Open Office, they don't have anything that competes with it and it is a minor thorn in the side to Microsoft, both things that Oracle likes. They have an SSO product, they have a database product so these would not be surprising targets for them. I'm very interested in finding out what's going to happen to OpenSolaris, I've recently been doing a proof of concept with Nexenta to replace our aging proprietary storage system and I really like it. Hard to say what tactic they'll take with that but I don't think it's going to go exceptionally well for OpenSolaris either. Oracle has been supporting Linux simply because they needed an operating system in order to supply the full stack for an enterprise solution (my estimate of what Oracle's goal has been). I don't necessarily think that Oracle will continue supporting an open source operating system if they have a proprietary one, and I think that includes OpenSolaris. So I would likely see that following the same pattern of decreased support and resources that MySQL open source will likely get as well.

OAM/Core Id is the reason

[jedilowe]

Oracle has another tool for SSO, used to be called Core Id and changed to Oracle Access Manager. It is kind of a crappy product, but does work OK. It has a terrible interface, poor deployment model, and terrible integration to app servers, but otherwise works well. I am betting this more than anything is why they are killing open sso.

Re: Maybe not

[Zandall]

Maybe you didn't read the MySQL licence... "Sun makes its MySQL database server and MySQL Client Libraries available under the GPL for use with other GPL-licensed software and FOSS applications licensed under GPL-compatible FOSS licenses. In addition, for open source projects and developers creating and distributing open source software under certain FOSS licenses other than the GPL, Sun makes its GPL-licensed MySQL Client Libraries available under a FOSS Exception that allows distribution of the FOSS application with the MySQL Client Libraries without causing the entire derivative work to be subject to the GPL." and keep reading it at MYSQL site
Any software project that does not fit in the above description must pay a licence.