Sun to open-source single sign-on code

Company will release code for single sign-on technology for use within one organization, but will keep federation technology closed.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
2 min read
Sun Microsystems plans to release part of the blueprints of its Java Access Manager single sign-on product to the open-source community, it said Wednesday.

The company will release the source code to its Web authentication and Web single sign-on technology as part of a new project called Open Web Single Sign-On (Open SSO), Sun representatives said. The release also will include software hooks to the Sun Java System Web Server and Sun Java System Application Server, they said.

Web single sign-on makes it easier for users to log into multiple Web applications with one set of credentials and simplifies password management for organizations.

The code Sun is releasing is meant to enable single sign-on only inside a single organization; it does not support federation across organizations.

Sun's source code release gives Java developers at enterprises or software makers the ability to support single sign-on technology in their applications, said Sara Gates, Sun's vice president of identity management.

"We are giving developers this authentication and Web single sign-on technology so that they don't have to develop it themselves," Gates said.

With the basics of including single sign-on in applications handled, developers can move on to working on actually implementing the technology, Gates said. This would include making it work inside a company as well as federating across partners. Federation is in early stages of adoption, according to analysts.

Sun sells software--called Java Access Manager, Federation Manager and Identity Manager--that can help organizations take the next steps in single sign-on. Although the technology Sun is sharing is not tied to those products, it will work with software from other vendors such as BMC Software, Computer Associates International, Hewlett-Packard and IBM, according to Gates.

Sun claims it is the first identity management vendor to open source its proprietary single sign-on code. There is, however, an open-source project called Java Open Single Sign On. Sun believes its technology is superior.

"This is the first commercial grade Web single sign-on technology that is being put in the open community," Gates said. Companies that have purchased Sun's technology include Deutsche Telekom, which bought 80 million licenses for Web single sign-on from the Santa Clara, Calif., company.

Sun's move is not a significant step from the overall market standpoint, according to Jonathan Penn, a principal analyst with Forrester Research. "Web single sign-on is a market of healthy but stable size, and this won't change things," he said.

The source code will mostly give developers a way to integrate with Sun's Java Access Manager, Penn said.

The first source code as part of the OpenSSO project is due out in the fourth quarter, with full release slated for the spring of next year, Sun said. The code is being released under Sun's Common Development and Distribution License, the same one it is using for the open-source release of the Solaris operating system.