Sun has just announced a revamp of its business model around its access management products. Previously, Sun had maintained its Access Manager product as the official commercial release available for customers who wanted a stable product with support. In parallel, OpenSSO was the development branch of what would eventually become Access Manager in a subsequent release. Whilst OpenSSO was free to download and use, it was not supported in the same way as Sun’s Access Manager.

Sun has now changed its model for OpenSSO and Access Manager. Customers with a valid contract will now receive the same support for either OpenSSO stable builds or the commercial Access Manager software. Both are the identical code base – as was already the case previously – but have different release cycles: whereas the OpenSSO stable builds are release every three months, Access Manager has a release cycle of not more than once per year. This allows customers to choose freely whether to opt for innovation or commercial release – or even a mixture of both.

Kuppinger Cole was briefed last Tuesday by Sun’s Daniel Raskin who talked about how customers are using a mixture of OpenSSO and Access Manager in current environments to stay ahead of the innovation curve, and how they now benefit from support for both versions. In order to receive support, customers must either purchase a perpetual license, a Sun Identity Management Suite subscription or a Java Enterprise subscription.

As the saying goes, the only constant thing is change – and with Sun that is even more true with the names of their products. OpenSSO stable build will now be called “OpenSSO Express” and rumour has it that some more renaming exercises are coming up. Sun has also made an announcement regarding its “Fedlet” – a small, light-weight federation solution for endpoints (also called “service providers” or “resource partners”). Fedlet will be fully supported for all partner organizations as long as they are connecting to a supported OpenSSO Express/ Access Manager. For example, if an enterprise has a supported version of OpenSSO Express or Access Manager, then Sun will support all partners that use Fedlet for connecting back to that access manager without extra charge.

The development of OpenSSO is lively, and the product has improved dramatically over the years. When Sun yanked out the access management part from its portal server to release it as a separate product, Access Manager was still very rough around the edges. Continuous improvements and investment especially on the federation side enabled Sun to narrow the gap to other access management vendors. Sun eventually decided to open source the development of access manager through OpenSSO. Released under the Sun community license, this was planned as an effort to entice other developers to participate in the OpenSSO effort.

The initial teething problems have long been overcome - specifically the limited amount of “committers” – i.e. trusted people that revise code changes and contributions received from contributors and either reject or commit those changes to the code base. In the beginning, all committers where Sun employees who did the “committing” in their rare spare time, which meant that it could take a long time for bug fixes and code contributions from external sources to be approved. Nowadays, the OpenSSO project has around 60 committers, 10 of them being external, i.e. non Sun-employees. The community and Sun engineers now have a reputation for being quite responsive in helping community members while in development.

Kuppinger Cole believes that in principle, open-sourced development has large advantages for customers. The hybrid approach of an innovative version with a short release cycle in parallel to a commercial release with a longer release cycle works very well when both are supported equally and enterprises can choose freely. The number of developers and the ability to contribute also gives enterprises peace of mind. Last but not least, several large enterprises have made very positive experience with a bottom-up approach to access management with OpenSSO. We therefore consider OpenSSO Express/Access Manager to be a safe product investment, when the features match the specific business needs.

So what’s the catch with this new model? The change brings large benefits for customers that have invested into the technology as they can now choose to be more innovative through OpenSSO and even contribute directly. It also makes it easy for companies willing to experiment with the products as they can use and even deploy them free of charge – even in production environments. Once official Sun support is required, the products can then be licensed. If companies decide to rely on the community support instead, there is no charge. So what about the price if a company wants professional support for OpenSSO? There are several modalities available from Sun, either through subscriptions or perpetual licenses.

Here is however where we believe lays a potential issue that Sun must address. Since the use of the software is free, what are companies paying for? If it is only support, then the cost for the support must be in relation to what is being delivered (namely, support, and nothing else). If a company must pay on a per-employee basis for a license or a subscription, then the real cost of the support can easily be significantly higher than what another company pays for exactly the same support. It is therefore now up to Sun to clarify and justify the pricing model for its access management product line. Otherwise in the future, other companies might even compete with Sun by offering third-party support for OpenSSO.

According to Sun, the OpenSSO community primarily consists of enterprises or large organisations that are implementing enterprise scale solutions. When it comes to price those organisations weigh the cost of buying a license versus the cost of hiring internal resources to manage their deployment without Sun support. Sun claims that its pricing is less expensive then the alternative of doing it on their own.

This new announcement is a very good step forward for Sun’s customers. Sun itself is likely to capitalise on the new market share that will be generated as customers are enticed by this new model. Customers have the best of both worlds – a very innovative product with a large and active engineering base, together with professional support. Sun now needs to demonstrate that the pricing options for professional OpenSSO Express/Access Manager support are in line or better than what organisations would pay when using similar products from other vendors.