Sun Microsystems plans OpenID security programme

Source: Sun Microsystems

Expanding its commitment to deliver secure web-scale identity management solutions, Sun Microsystems, (NASDAQ:SUNW) today announced a new initiative around support for OpenID, a decentralized, web-friendly single sign-on mechanism that allows consumers to reuse a single login across different websites, tackling the "login explosion" problem.

OpenID is currently limited to facilitating low-risk transactions such as blog comments. Through its new initiative, Sun is exploring what changes and practices are needed to make OpenID applicable to a broader spectrum of business and IT challenges. The company will actively encourage participation from customers and technology partners through a series of activities and real-life implementations that are initially driven by Sun's Chief Technologist's Office.

"We're excited about finding ways to augment the use of OpenID with technologies that fill out the rest of the identity picture - meeting web users' needs for autonomy and convenience while making it easy for web businesses and communities to meet stringent security and privacy obligations," said Jim McHugh, vice president of software infrastructure marketing, Sun Microsystems. "Sun has been participating actively in the community dialogue around OpenID and related technologies, and sees great potential for OpenID's use alongside enterprise-ready software infrastructure."

As enterprises increasingly open up access to data and services to wider audiences and improve usability, the use of a decentralized technology like OpenID will be an appealing way to manage account proliferation. Integration with existing deployments, which often involve enterprise-ready technologies like SAML and the Liberty Alliance's Identity Web Services Framework will become an essential consideration. Sun is working with customers and partners to combine and converge these technologies to maximize effectiveness.

In order to explore the boundaries of OpenID as a trust system, Sun is offering an OpenID Provider service to its 34,000 employees. People using Sun- based OpenID identifiers at an OpenID-accepting website can convey in this simple and secure manner that they are indeed Sun employees, a piece of information that can enable access to employee discounts and unlock other special services all across the web. Sun will work with partners to extend special services on this basis.

The Sun OpenID Provider is built using OpenSSO, the open-source project that is providing the basis for the Sun Java System Access Manager and Sun Java Federation Manager products, as well as OpenDS, the open-source project that is providing Sun's next-generation directory services. Both of these projects now include OpenID extensions.

Sun will also determine how to OpenID-enable its own websites in an appropriate manner, as well as how best to add valuable OpenID support to additional products and platforms, such as the Sun Web Developer Pack.

Comments: (0)