PS2009 — Sun Luncheon

Feb 3rd, 12:15pm

Lunch by invitation, and I was fortunate to be invited to dine with Sun:

Warren Strange, Senior Identity Architect
Everyday Identity Federation — Federated Identity Management is no longer science fiction!  In this luncheon we will explore how Federation is being used to solve real business problems. We will present a short case study showing how Sun Microsystems and Hewitt use federation to provide a better user experience. We will also behold the power of the mighty Fedlet!

Warren Strange provided a lunch-time talk on Sun’s OpenSSO identity provider/federation solution.  A key feature of this solution is its ability to rapidly deploy federation to smaller Service Providers (SPs) who may lack extensive infrastructure or expertise.  The product, running as an Identity Provider (IdP), allows the organization to create a small, customized ‘Fedlet’ file that can be easily deployed to provide federation capability to the SP.  While not a fully functional federation solution, the SP will at least be able to accept claims from the IdP without having to execute and manage a complex implementation. 

The second part of the presentation was an illustration of single and transparent sign-on between Sun’s employee portal and Hewitt, their HR partner.  This solution allows easy access to Hewitt by Sun staff over the web, using the same credentials they use to access the employee portal.  

During the project, the main challenges encountered included:

  • provisioning/de-provisioning of user accounts;
  • single logout; and
  • access control and audit logs (for reporting).

Of interest: because Hewitt already had an outsource relationship with Sun, the contractual agreement that was required to establish this federation was minimal.  This is in contrast to many warnings I’ve heard about the legal agreements for federated identity being difficult to negotiate.

Mike

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: