It's been a few years since Kim Cameron presented the Identity Metasystem around the concept of "Claims". If you've been following Kuppinger Cole you know how positive we have been about this framework. Years later, Claims are a reality, and there are multiple platforms out there that support using them. We have been advocating the adoption of the Identity Metasystem's concepts, and whilst not endorsing any particular platform per se, we acknowledge that there are several products out there that support this today. From our customers we often hear questions regarding the feasibility, questions about the approach and of course best practises for implementation. Naturally, there are questions around the software development cycle as well: do applications need to be fundamentally rewritten, or written differently to make good use of the identity metasystem? What should developer keep in mind to make their lives easier? How can applications be written to ease privacy and security?
I'm kicking off this new year with a brand new webinar series where we will focus on practical issues and implementation details. The Identity Metasystem is here today, and it's here to stay, so let's take advantage of it and unlock its potential. Without endorsing any product by itself, we'll be looking at practical implementations - and indeed, products - to see how developers can harness the power of the Identity Metasystem today. Together with implementation tips, these webinars will feature good practises, and our guests are real experts in their particular implementation.
This format of this series is different from our regular webinars - they are not meant for decision makers, but for developers, architects and administrators, and therefore technical in their nature. If you're interested in the topic and if you don't mind seeing some tidbits of code thrown in there, then this is definitely for you. We're extending an open invitation for open source projects and vendors - not to showcase their products - but instead show how developers can use their APIs and services. Of course I have a side agenda here as well ;-) What I am hoping is that in the end this will promote interoperability - we're sure that there are some similarities in APIs and services, and hope that vendors will standardise - as users learn more about about these, they'll put vendors under pressure to standardise their APIS and services :-)
Our first guests in the first webinar will be Dr. Steffo Weber and Abdi Mohammadi from Sun Microsystems. On Thursday the 14th of January at 17:00 MET (16:00 BST, 11:00 EST, 8:00 PST) they will show how us to harness Sun's OpenSSO authentication and authorization mechanisms programmatically from any application (web applications, fat clients etc) via the following mechanisms:
- HTTP headers - REST based web-service - SOAP based web-service - OpenSSO's proprietary SDK
Steffo will demonstrate how to retrieve arbitrary user attributes from within a programme that is almost agnostic when it comes to technical details about the actual access management platform infrastructure (in this case, OpenSSO). Thus, using OpenSSO's identity services does not require much knowledge about OpenSSO. In fact, it is easier to retrieve information from OpenSSO than e.g. from LDAP. Moreover, it can be used from any framework (Java, .Net, PHP, Ruby on Rails - you name it).
Steffo studied Computing Sciences in Bonn and Dortmund, Germany and holds a Ph.D. in theoretical computer science. He started as a security specialist at debis IT Security Sevices in 1997. In 2000 he started working for Sun Microsystems, and is an expert on highly scalable web environments, IT security and cryptography as well as identity and access management. Apart from being very knowledgeable in the field he is also an excellent speaker and has presented at our European Identity Conference last year together with his colleague Abdi Mohammadi.
Abdi is a Principal Field Technologist at Sun. With more than 20 years of industry experience, he has been responsible for the architecture, design, end-to-end testing and optimization of Internet facing infrastructures as well as providing business strategy assistance to some of Sun's largest and most strategic customers. Currently he is focused on directory, access management and messaging solutions at Sun.