Oracle Shuttering OpenSSO 128
mdm42 writes "OpenSSO is one of the best open source web Single Sign On projects out there. Sun Microsystems made OpenSSO open source in 2008, so it's sad to see how, after absorbing Sun, Oracle is shutting down this amazing project, labelling it 'not strategic' and dismembering the few parts they think are worthwhile for their own SSO effort. They started by freezing the next express release, and during the last few weeks they have been removing all the open source downloads from the OpenSSO website and removing content from the wiki. Fortunately, a Norwegian company called ForgeRock has stepped up to the plate in an attempt to salvage the project under the new name OpenAM."
MySQL next? (Score:4, Interesting)
Sadly, probably yes...
Re: Maybe not (Score:4, Insightful)
Re: Maybe not (Score:4, Interesting)
I think it is more likely they would provide much less support and engineering resources for it going forward, leaving it to the community outside of Sun to keep it feature and bug competitive.
Pretty much what I meant...but a fork surely won't be as credible with the corporate suits as a product with Sun behind it.
Shame, MySQL & Ooffice are both great products IMHO.
Maybe a white knight (with a Red Hat?) will take it over, but I'm sure if they're too successful than Larry will find a way to stymie it...
Re: (Score:2)
I don't see them killing Open Office, they don't have anything that competes with it and it is a minor thorn in the side to Microsoft, both things that Oracle likes. They have an SSO product, they have a database product so these would not be surprising targets for them. I'm very interested in finding out what's going to happen to OpenSolaris, I've recently been doing a proof of concept with Nexenta to replace our aging proprietary storage system and I really like it. Hard to say what tactic they'll take wi
Re: (Score:3, Funny)
Re: (Score:3, Insightful)
Why? MySQL is a goose laying golden eggs. Why would Oracle kill it?
They will charge for the support and engineering, just like Trolltech and Sun did.
Re: (Score:3, Insightful)
Once you go opensource, you can't go back.
Re: (Score:1)
Re: (Score:1, Funny)
Why? MySQL is a goose laying golden eggs. Why would Oracle kill it?
Are you nuts? That fucker is full of GOLDEN EGGS!!! Haven't you heard of killing the goose that lays the golden eggs?
Geez, kids these days.
Re:MySQL next? (Score:5, Insightful)
Re: (Score:3, Informative)
Apropos -- Oracles acquisition of Sun for russian regional representations approved by russian Federal Antimonopoly Service of the Russian Federation at 19 March.
The main condition of this approvement -- 4 years of MySQL support & development and saving of Open Source status of this project.
You may found this verdict at agency site (unfortunately only on Russian now ;) :
http://www.fas.gov.ru/merger/decisions032010/a_29515.shtml
Re: (Score:3, Funny)
http://www.fas.gov.ru/merger/decisions032010/a_29515.shtml
I ran that link through Google Translator, and it came back with: "All your queries are belong to us" and "MySQL will be renamed OurSQL".
Re: (Score:1)
Re:MySQL next? (Score:5, Insightful)
Gee, if only we had PostgreSQL doing just fine as an alternative, then I wouldn't mind so much if MySQL went away.
Re:MySQL next? (Score:4, Informative)
And don't forget Ingres, SQLite (which is good enough for a lot of low-bandwidth stuff that MySQL has historically been used for), Drizzle (MySQL fork), and probably at least a half dozen others....
Re: (Score:2)
Yeah. sqlite is AMAZING.
pseudo (my project for a thing like fakeroot, only more bulletproofed) uses sqlite as its backend, and it's been a dream to work with.
Re: (Score:2)
Yup. :) I have done a bunch of small pet projects w/my work using sqlite and it's been awesome.
For quick and dirty data-processing tasks, it's a god-send.
Re: (Score:2)
The problem is with stuff that is already built on MySQl, and the availability of MySQL. All the low end CMSs use MySQL, so do quite a few big ones. ALl the cheap web hosts offer MySQL.
MySQL is also, IMO, easier to learn.
Re: (Score:1)
Re: (Score:1)
Of course I'm really not going to start liking Ora
Re: (Score:1, Funny)
Sadly? Perhaps it'll force people to use a proper database like Access or SQL Server.
Doubtful. (Score:2)
The Sun Also Sets (Score:3, Insightful)
Re: (Score:1, Interesting)
Why can't Oracle just leave OpenSSO open source but no longer maintain it? Why the need to rename the project or software? I hope the management at Oracle and the former Sun roast in Hell.
Re: (Score:3, Interesting)
Re: (Score:3, Funny)
Because they want to monazite any parts of it they can pilfer.
They want to mine rare earths [wikipedia.org] from their software?
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
Is it? Or is OpenSSO simply inconsequential?
I've never understood the appeal of SSO solutions. Joe Sixpack doesn't give a damn. It's never been made simple enough for him to "get". A handful of geeks may think it's awesome. But the rest of the real world doesn't care.
Snoracle is probably totally safe with this.
Re: (Score:3, Interesting)
Yeah, I'll second this. We thankfully have an SSO solution at our company, and everybody seems to love it. I'm myself not an "average user", but even I would probably kill myself in short order if I had to manually enter my credentials every time I accessed on of our internal systems. And not only it's more convenient, it's also probably more secure, since users don't need to have a bunch of post-it notes with passwords stuck to their monitors.
Re: (Score:3, Interesting)
Most SSO in organizations I've ever seen seem to work by connecting the user directory to Kerberos, and use that for authentication to everything. Depending on how well IT department set up token forwarding, you may need to enter your credentials to access many systems, but everything in the company, from signing into the Windows Domain, to authenticating to the database uses Kerberos, so you have exactly one password to remember.
Re: (Score:2)
Fair enough, but Kerberos can be used as the basis of real SSO if done right. For example, Firefox, shh, and many other utilities can be configured to forward Kerberos tokens to avoid needing to sign in to the remote machine. Window's own AD based Domain architecutre allows access to other Windows machines without authenticating even if Kerberos was not configured, so that will not need multiple sign ons.
If done right, one would not need to sign in more than once unless doing something really unusual. If on
Re: (Score:2, Informative)
I agree - SSO is nice when it's done properly. But unfortunately, I work for Oracle.
And Oracle has what ~they call an SSO~ for most of their internal stuff, but it isn't really. I.e. it's the same credentials but you have to separately enter them on every freaking page. Webmail? Enter your SSO. Procurement? Enter your SSO. Timesheets? Changing your employee details? You get the idea.
What's worse is that on top of this there's still a handful of systems that don't use the SSO, like the IP phone consoles and
Re: (Score:2)
Why because Oracle canned a crappy Single Sign on Product which pretty much only integrated with Sun's other equally shitty server products?
I love Java and I love the standards which Sun developed to create it, but Sun's implementations of their own standards are pretty shocking. That's a lot of the reason they tanked in the first place.
This is the way of MySQL too? (Score:5, Interesting)
This may be a test to see if they get attention for shutting down an open source project they inherited in order to also in the long run do the same to MySQL and possibly also other OpenSource projects.
Re: (Score:3, Insightful)
Well, considering, there is no official announcement from Oracle that they are pulling OpenSSO from their product lineup. This article/blog entry is mere speculation.
Re: (Score:3, Insightful)
Information on the Wiki being removed, all of the 'opensource' versions removed for download, all updates to the same removed, leaving only the pay "enterprise" version avaliable?
Let me guess, in a previous life you worked in Baghdad handing press announcements concerning the Allied troop advances for the Iraqi government.
Re: (Score:2, Interesting)
Well, considering, there is no official announcement from Oracle that they are pulling OpenSSO from their product lineup. This article/blog entry is mere speculation.
No, not "speculation", rather "observation".
Re: (Score:2)
Currently using OpenSSO on a product, I've seen that Oracle has removed more and more (now including the Wiki content it seems) from the project.
This is going to be one in a long line of project cancelations.
SPARC (Score:1)
Will see the same fate.
Re: (Score:2, Interesting)
Losing SPARC doesn't make much sense for Oracle. They already are closing down their x86 business and all the talk from them has been about investing in / focusing more on their SPARC (read more expensive) integrated system offerings
Re:SPARC (Score:4, Insightful)
SPARC is strategic. It gives Oracle an opportunity to provide a whole hardware and software stack.
Re:This is the way of MySQL too? (Score:5, Insightful)
Or it could be that no one actually gave a shit about OpenSSO outside a very small group of people.
Its funny that everyone assume Oracle is being evil when a simple bit of common sense makes it pretty clear that its a waste of resources from pretty much every perspective to Oracle.
Re:This is the way of MySQL too? (Score:4, Insightful)
Just like MySQL? I can't see the business case that will cause Oracle to keep MySQL around. A low-end version into the DB market? Just slap a few limitations on an actual Oracle DB, and presto - low-end version with a trivial upgrade path to "the real thing."
Re: (Score:2, Informative)
Which is why you probably aren't a business man. MySQL still has plenty of people who are loyal to the MySQL brand and will continue to use it, whether it's Sun or Oracle who's owning it. Anyway Oracle already has a version of their database you can use for limited use.
Re: (Score:2)
I don't think it's the brand that brings people to mysql. You can't just drop in replace one DB with another in most cases.
IMO there are a few reasons people use mysql
1: it's free (as long as you don't try to link it into a commercial app)
2: it's included with almost every linux distro and linux based webhosting package
3: nearly all webapps are built to work with it.
IMO the most sensible thing to do would be to stagnate but not kill mysql while at the same time using code from mysql to build a mysql compati
Re: (Score:1)
CREATE TABLE ... ENGINE=ORACLE would be a great April 1 joke.
Re: (Score:2)
Funny thing, Oracle seems to see business cases where other people don't. They bought RDB, SleepyCat, InnoDB, all of them database products that have zero synergy with their existing database. All have flourished under Oracle; in the case of RDB (which was originally for the VAX [wikipedia.org], and still only runs on HP's DEC legacy platforms), Oracle's support is the only thing that has kept the product alive.
Whenever Oracle acquires another company, there's always somebody claiming that they bought it just to shut it do
Re: (Score:2)
Well the issue is that Oracle doesn't scale down very well. All that power and all those features come at a pretty hefty price tag in terms of disk space, memory and CPU. According to the DBA guys, setting up a new Oracle instance at work takes about 10 GB of SAN space without even adding any data to it. Not the kind of thing you'd do lightly if you didn't need any of that power, even discounting cost.
Re: (Score:2)
A new Oracle instance takes up about a half a meg for control files and probably 30 megs for system tables et al. At least it did with version 8. I can't see version 11 having bloated to 10 GB, that's truly insane.
You're right about it not scaling down, though, and you missed the key resource: dollars. You can't put an Oracle db on a powerful webserver (at least not on Solaris) to say, serve up a few hundred web accounts for anything less a bajillion dollars. Unless they have changed licensing in the last
Re: (Score:2)
I only know what the DBAs quote me, I'm not a DBA and I have pretty much zero interest in being one. I do some database design for my application development role, and I can do basic administration for SQL server, but actually setting up Oracle is black magic as far as I'm concerned.
Re: (Score:1)
Re: (Score:1)
Re: (Score:3, Insightful)
Re: (Score:2)
OpenID is not an SSO service. It is more like an authentication protocol and somewhat orthogonal to something like OpenSSO.
eg here is an OpenID extension for OpenSSO:
https://opensso.dev.java.net/public/extensions/openid/ [java.net]
Re: (Score:1)
Re: (Score:2)
Re:This is the way of MySQL too? (Score:5, Insightful)
As a Snorkel employee (Sun->Oracle) I'll add a simple comment. If it isn't profitable or strategic, it will be shuttered or turned loose to the community to support. It is *as simple as that*.
Not strategic? (Score:2)
Do they want us to go from a situation where SSO in Windows is the standard on LANs, to SSO in Windows to Facebook or Windowslive servers becomes the standard in the Internet?
Because that is the direction that Microsoft is going in with what was Active Directory.
Re:This is the way of MySQL too? (Score:5, Insightful)
Reality check: Nobody buys a company and just carries on because unless it was really mispriced in the market, you've gained nothing. You might as well have put the money in a stock fund. In closed source companies this means projects get canceled, reprioritized, product portfolios are aligned and they search high and low for the claimed synergies they were supposed to get. What happens in open source companies? Exactly this same. There's been quite a few of these stories now and they're all full of trivial projects and tin foil hat conspiracy. I just checked Digg and THEY got better stories than this. I'm quite the geek but still... stuff that matters. Or is at least cool, interesting or funny in a nerdy way. But not "Minor corporate politics" for 100$, I'll pass Alex.
Re:This is the way of MySQL too? (Score:4, Insightful)
The information asymmetry involved in technology make it a very lucrative place to be. A vast majority of people don't understand the differences between Windows and Linux, much less the difference of open and closed source.
Oracle is determining what parts of Sun are profitable, and planning to abandon the parts that are not. The abandonment of unprofitable Sun products will be touted as their commitment to open source. The privatization of Sun products will be touted as their commitment to innovation, or some other meaningless phrase.
If it makes you feel any better, that was also the policy of Sun. And Microsoft. And Apple. If you are ever on the wrong side of a profit equation for a company, you will be screwed. This is as certain as death and taxes.
Re: (Score:2)
Actually, the fact that Oracle is slashing and burning stuff immediately after an acquisition seems like a pretty good indication that this really wasn't the S.O.P. for Sun, which may explain why they had to accept a buyout to stay afloat....
Re: (Score:2)
Or potentially profitable. Sun has some good products that don't do as well as they might, due to inept management and marketing.
Re: (Score:2)
Proprietary product, anyone? (Score:2, Insightful)
OSS FTW... (Score:1, Insightful)
Re: (Score:1, Insightful)
OpenSSO isn't trademarked by Oracle/Sun (Score:3, Insightful)
OpenSSO is not a trademark of Oracle/Sun, you can see a list of trademarks for Sun at http://www.sun.com/suntrademarks/ [sun.com]
Re:OpenSSO isn't trademarked by Oracle/Sun (Score:4, Insightful)
It's not a registered trademark. You have plenty of rights over a mark even when you haven't registered it.
not strategic (Score:1, Flamebait)
Well of course not. If it doesn't make Oracle money, it will be gone.
OpenAM? (Score:3, Funny)
Risks and Benefits of OSS (Score:5, Insightful)
As much as this is a bummer, it's actually a great example of the OSS model at work.
If this was a closed source solution, where the company got acquired and the product wasn't strategic, the solution would just be gone.
With OSS though, another company - for whom the solution is strategic - can step in and pick up the project.
Re: (Score:3, Interesting)
Yea, and pretty much any time some propritary software package is terminated, it is almost certainly available for sale to someone else so it can be taken over if its worth it to someone.
The reason it doesn't happen is because the projects that get cut are the ones that no one cares enough about to continue development.
The license of the software pretty much no effect on its ability survive, its worth to someone else does.
Re:Risks and Benefits of OSS (Score:5, Insightful)
Not true.
Let me cite an example in the exact same market space: CA acquired Netegrity because they wanted SiteMinder even though they (CA) already had a web SSO product. In addition to SiteMinder (their main business) Netegrity had a provisioning product. After the acquisition closed CA shot their in house SSO product and shot Netegrity's provisioning product.
CA would never have even considered selling either product to anyone else at any price for two reasons:
* why compete with a product you created when you already own it
and
* it's better to migrate your existing customers on the "to be killed" product over to the strategic product than to sell them off along with the product you're killing.
This happens throughout the software industry every time there's an acquisition and some overlapping products. The acquirer decides which products will live on, which will be shot immediately and which will be put onto life support until customers can be gently moved off onto the strategic product.
The only difference here, as the grandparent says, is that someone can grab the code and resources and carry on.
Re:Risks and Benefits of OSS (Score:4, Insightful)
Yeae. and pretty much any time some propritary software package is terminated, it is almost certainly available for sale to someone else so it can be taken over if its worth it to someone.
Bullshit
Buying out a propietry requires a substantial chunk of cash up front. So it's only an option if one of the following applies.
1: you are big enough to buy it out
2: you can convince another company that it's worth thier while to buy it out, take it over and sell you licences.
3: you can get enough of the community together to buy it out.
And even if you can get the money together the owner still has to be willing to sell. They may not be especially if they consider killing the project to be a strategic move.
Copying the code of an opensource project and setting up repositries OTOH is so cheap that anyone can do it. Minimal maintenance (accepting bugfixes, dealing with new OS releases etc) is some work but should be managable by a few interested users working together.
Good for them (Score:3, Funny)
SSO is a pretty backwards way to do Open Source Software.
Re: (Score:1)
Oracle database is 100% Java?
Berkeley DB is 100% Java?
really?
Re: (Score:1)
Oracle database is not Java based, but does require Java as a key component of the system. Pretty much all of the admin tools are written in Java, but the core database is C++.
Berkeley DB is written in C and has API's available for C, C++, Java, and others.
There is also the Berkeley DB Java Edition which is pure Java.
Re: (Score:2)
Re: (Score:3, Informative)
Depends on whether you would call the UK circa 1970 a capitalist country or not. The inventor [wikipedia.org] of the relational database was British.
you get used to it (Score:2)
there are too many who have been brainwashed with american corporatism and deceived to believe that they too can 'make it big'.
Ironic (Score:2, Insightful)
Code still accessible from the CVS (Score:3, Informative)
I'm grabbing the source now.
Love it. (Score:3)
- Hi we are Sun and we have this portal. You want to buy a commercial license for it?
*buys*
*six months pass*
- Oh hi we decided to drop that portal and switch to this Liferay-based Webspace solution none of our techs really know anything much about?
*grumble*
*a year passes*
- Oh hi again, we were just bought by Oracle and will be abandoning Webspace, would you like to switch to this WebLogic-based monstrosity instead?
*curses*
That is in addition to the OpenSSO/IDM kerfuffle.
Is this the beginning of the end? (Score:1)
Here we go again (Score:2)
Jasig CAS - OpenSSO Alternative (Score:2)
Re: (Score:2)
Why not use Jasig CAS instead?
CAS somehow forces an architecture on you. Other IAM proveders like OpenSSO do not, integrating with what you have without forcing you to adapt to what they propose.
Dollar value for open source assets (Score:1)
Another way to look at this move is that open source projects have a significant dollar value, if for no other reason that the project may compete for market share with other products. One could certainly see the strategic benefit of supporting a "hard to kill" project to compete with a market leader. Now, we have an example of such a project becoming an acquisition target.
This is no different than a company which buys out their competitor for the purpose of "integrating" (e.g., shutting down) a competing
Source code history backed up? (Score:2)
What about Shibboleth? (Score:2)
Re: (Score:2)
Jasig CAS is another good Apache 2 licensed SSO system. Both it and Shib even include support for true N-Tier proxied authentication.
http://www.jasig.org/cas [jasig.org]
OpenSSO will continue to live (Score:1)
I've actually been involved with the OpenSSO project during the last 2 years or so, and I honestly don't think it will disappear at all. It had a very active and vibrant community which supported it, many of which have already made the jump to help ForgeRock.
On top of that, OpenSSO/OpenAM already has some terrific features. Its Agent interface is superb, the SAML engine is rock solid, FEDLETs are ahead of their time, and it even had a well documented API for integrating directly into your own application. T
I'm sorry, what? (Score:2)
Do I need to care about this at all?
I understand the value of SSO and all that stuff, but I can't say I'm an expert in the field. Can someone who knows something about SSO and OpenSSO give me an idea as to whether or not I should even care that OpenSSO has been killed?
Was it especially novel? Was it used by anybody? Did it work well? How does it compare to other, similar solutions? *Do we, the open source community, need this?*
www.openssosupport.com (Score:1)
Everett (www.everett.nl) also supports opensso.
http://www.openssosupport.com/
Suresh Samuel
categories, regions and languages (Score:1)
OAM/Core Id is the reason (Score:1)