The rise of Suncle: Access Management
by Deborah Volk on April 20th, 2009

This post is a continuation of a series analyzing Sun/Oracle acquisition in the context of identity and access management. Read the Identity Administration article if you want to start from the very beginning.

Access Management. Oracle has quite a few pieces in this bucket but only three of them have a counterpart in Sun's world: Oracle Access Manager (OAM), Oracle Identity Federation (OIF) and Oracle Web Services Manager (OWSM). Sun's OpenSSO product contains web and federated single sign-on capabilities along with a bit of web services security. Oracle fields three separate products to answer the same needs - Access Manager is web SSO, Identity Federation is federated SSO and Web Services Manager is web services security. Sun's roadmap for OpenSSO includes a fine-grained authorizations capability built into web SSO and this capability would partially compete with Oracle Entitlement Server (OES). (I say to an extent because OES can handle fine-grained authorization service for a wide variety of clients, not just web apps).

First, let's deal with the easy one. Web services security pieces in OpenSSO do not hold a candle to Oracle's Web Services Manager. Also, putting web services security into an SSO product is suspect but Sun did not have a choice. Oracle did the right thing by letting OWSM play in both identity and access as well as SOA/services sandboxes since the challenges being solved are right on the borderline between services and access management. I see web services security being extracted from OpenSSO and sent to sleep with the fishes; OWSM has plenty of firepower to deal with web services security.

This leaves federation and web SSO. On the federation front, Sun has shown an ability to innovate so I think there's definitely some pieces worth saving, e.g. fedlets and UI-driven task flows. Having said that, I don't see Oracle keeping federated SSO pieces inside a single product and I can speak from the perspective of having addressed this issue with customers. Most customers start with web SSO, few start with federation. Certainly federation is a goal of customers who deploy SSO internally, learn about its pros and cons and generally like what they see so they want to move on to the next stage. If such a (typical) customer was confronted with a decision of whether to buy one product that contained both web SSO and federation features (and pay 100 dollars) or buy one web SSO product now (50 dollars) and federation product later (50 dollars), most customers would opt for the latter (at least in this economy) The overlap between OpenSSO federation and OIF is sizeable. If there are technology gaps between OIF and OpenSSO where OpenSSO is superior, I think they'll be closed in OIF. Same goes for web SSO. Eventual fate of OpenSSO is to be chopped up and sent to sleep with the fishes (42.79 probability)

Another option is that Oracle (after harvesting the juicy bits) will release (or simply let continue) the remaining pieces to Open Source while offering a migration path from there to commercial Oracle products. In some sense, this would be a wise move, especially if a few resources are committed to supporting these projects so that it doesn't seem like a joke. Lots of positive PR, little downside. Sun customers that liked the allure of Open Source could try and continue with now-discontinued Open Sourced Sun products, only to discover that having the source does not imply you have the muscle to "own" it. Their recourse would be to run right back into the welcoming arms of Oracle that could offer them a migration package.

Next step: directory services.

Posted in Sun OpenSSO, Access Management, Oracle Access Manager, Business Perspective, Oracle Identity Federation, Oracle Web Services Manager    Tagged with opensso, oam, oif, owsm, suncle


Matt Carter - April 21st, 2009 at 9:55 AM
I expect that Oracle will leverage OpenSSO's Secure Token Service (STS).
Leave a Comment

2012 (1)
2011 (2)
2010 (2)
2009 (64)
March (11)
April (18)
May (18)
June (4)
July (1)
August (1)
September (5)
October (5)
December (1)