Entries Tagged 'AuthN'

OpenDS and Penrose Integration

UPDATE: Session ID: S297199, Title: Getting Started with OpenDS, Monday, May 05, 11:00 - 11:55, Moscone North - Hall E 133

Penrose 2.0 ships OpenDS, MINA, FedoraDS, and ApacheDS as Penrose’s LDAP Service Providers (SP). OpenDS SP is now enabled by default in Penrose 2.0. We have put together a presentation below to describe how we integrate OpenDS into Penrose. We will be co-presenting with Sun at JavaOne/CommunityOne 2008 next May. Here is a portion of our presentation.

Account Lockout using Penrose

Penrose can be used to provide account lockout to block password-guessing attacks. Most directory servers aren’t equipped with this type of functionality. You will need to download our Penrose 2.0 nightly build to do this. Check out the detailed configuration after the jump.

Virtual Directory and SSO

How does a virtual directory relate to a single sign-on solution? Why do you need a virtual directory when you have SSO?

They say a picture is worth 1,000 words. So here are four pictures for you.

Picture 1: Before SSO

[Image: without SSO]

Picture 2: After SSO

[Image: with SSO]

As you can clearly see, an SSO solution removes multiple authentications so that a user doesn’t need to type (present) his credentials every time he accesses an application.

The nature of SSO implies that there will be only one central repository for user information and credentials, preferably within an LDAP server. So, any additions, modifications, etc. of user information and credentials will have to be performed within this central store.

The reality is far from this simple concept, as described in Radovan’s excellent blog post on the single directory paradigm.

This is where virtual directory technology comes to the rescue.

Picture 3: Before a virtual directory

[Image: without a virtual directory]

Picture 4: After a virtual directory

[Image: with a virtual directory]

The ultimate goal of a virtual directory is to create a single account (virtualized/centralized) for a user, which is obviously a real improvement.

A single account (the end goal of a virtual directory) is not the same as single authentication (the end goal of an SSO solution).

Make sense? Please feel free to chime in.

Identity Map: October 2006 Edition

There are quite a few additions to this October 2006 edition, namely Whobar, Zxid and BBAuth.

[Image: open source identity map]


Triplesec goes to JavaOne

Triplesec, a strong authentication project from Safehaus, has been accepted for JavaOne 2006. Here is the session’s link: Mass Market Two-Factor Authentication Using Java™ ME and Java EE Technologies

UPDATED: The Triplesec team has been busy cranking out code and demos to prepare for JavaOne. Check out their latest demo. The free SMS account explanation is here.

UPDATED: The JavaOne presentation is now available.