This post is a continuation of a series analyzing the Sun/Oracle acquisition in the context of identity and access management. Read the Identity Administration article if you want to start from the very beginning.
Access Management. Oracle has quite a few pieces in this bucket but only three of them have a counterpart in Sun's world: Oracle Access Manager (OAM), Oracle Identity Federation (OIF) and Oracle Web Services Manager (OWSM). Sun's OpenSSO product contains web and federated single sign-on capabilities along with a bit of web services security. Oracle fields three separate products to answer the same needs: Access Manager is web SSO, Identity Federation is federated SSO and Web Services Manager is web services security. Sun's roadmap for OpenSSO includes a fine-grained authorization capability built into web SSO, and this capability would partially compete with Oracle Entitlement Server (OES). (I say partially because OES can provide a fine-grained authorization service for a wide variety of clients, not just web apps.)
First, let's deal with the easy one. The web services security pieces in OpenSSO do not hold a candle to Oracle's Web Services Manager. Also, putting web services security into an SSO product is suspect, but Sun did not have a choice. Oracle did the right thing by letting OWSM play in both the identity and access sandbox and the SOA/services sandbox, since the challenges being solved are right on the borderline between services and access management. I see web services security being extracted from OpenSSO and sent to sleep with the fishes; OWSM has plenty of firepower to deal with web services security.
This leaves federation and web SSO. On the federation front, Sun has shown an ability to innovate, so I think there are definitely some pieces worth saving, e.g. fedlets and UI-driven task flows. Having said that, I don't see Oracle keeping federated SSO pieces inside a single product, and I can speak from the perspective of having addressed this issue with customers. Most customers start with web SSO; few start with federation. Certainly federation is a goal of customers who deploy SSO internally, learn about its pros and cons and generally like what they see, so they want to move on to the next stage. If such a (typical) customer were confronted with a decision of whether to buy one product that contained both web SSO and federation features (and pay 100 dollars) or buy one web SSO product now (50 dollars) and a federation product later (50 dollars), most customers would opt for the latter (at least in this economy). The overlap between OpenSSO federation and OIF is sizeable. If there are technology gaps between OIF and OpenSSO where OpenSSO is superior, I think they'll be closed in OIF. The same goes for web SSO. The eventual fate of OpenSSO is to be chopped up and sent to sleep with the fishes (42.79 probability).
Another option is that Oracle (after harvesting the juicy bits) will release the remaining pieces to Open Source (or simply let them continue there) while offering a migration path from there to commercial Oracle products. In some sense, this would be a wise move, especially if a few resources are committed to supporting these projects so that it doesn't seem like a joke. Lots of positive PR, little downside. Sun customers that liked the allure of Open Source could try to continue with now-discontinued Open Sourced Sun products, only to discover that having the source does not imply you have the muscle to "own" it. Their recourse would be to run right back into the welcoming arms of Oracle, which could offer them a migration package.
Next step: directory services.
The rise of Suncle: Access Management
by Deborah Volk on April 20th, 2009
Posted in Sun OpenSSO, Access Management, Oracle Access Manager, Business Perspective, Oracle Identity Federation, Oracle Web Services Manager Tagged with opensso, oam, oif, owsm, suncle