mayeronline.it

Some days ago I was wondering why among the enterprise level Identity and Access Management (IAM) infrastructures, I’ve never seen an open source solution.
Sun claims “to open sourcing all of its identity management software products by early 2011″ but in the meanwhile, is there any complete, enterprise level, open source identity & access management suite?
If not, is there any set of open source components that can be combined together to build a complete IAM suite?

In order to find support for my research on open source identity management projects, I’ve consulted some IAM professionals through the LinkedIN’s “Identity and Access Management” group and I received a lot of interesting hints.
Thanks to the group’s collaboration I harvested interesting links to open source projects some of which, at least for me, unknown. While I’m going to take some time to explore those new projects before writing about them, in this post I want report a brief recap of the thread (given that LinkedIN’s groups discussions are accessible to members only, I omit the complete names of the authors of the comments that haven’t explicitly given me the authorization to report their names).

Four more or less complete open source solutions have been reported: OpenIAM, IAMSuite, VELO and JBoss Identity (thanks to Alan, Clark and Ross  Foard).
As “complete”, I mean offering common features like: identity provisioning, basic self-service service for password reset, SSO, directory, audit & reporting, role management and, if possible, also federation, compliance and workflow.

The common position is that, even if those “complete” projects have some good features, they are not ready to be used in production environment. “Some of them are very basic compared to top vendor suites and, even if they can be very promising projects, they are developed by few people” says Mark van Reijn. I personally add that most of them are also poorly documented and not so widely used.

An open point on complete solution is represented by SUN IAM suite. As stated before in the near future SUN should open sourcing all of its identity management software products. Obviously that could be a great improvement in this panorama. Unfortunately time required for the release seems to be quite long…
“At this time, there is nothing new on this topic, I expect we will be in a position to describe the roadmap in a few months” says Normand. Moreover, speaking about Oracle’s acquisition of SUN, Gartner’s analyst Earl Perkins says that “the claim of open sourcing for IAM software products by early 2011 was and is pretty ambitious. The reality is probably a longer-term goal spanning 5 years or even longer, since there are a number of areas affected by open sourcing for the solution”.

Different seems to be the situation of projects related to specific aspects of the identity and access management even if “somehow there is little focused activity towards open source identity management, other than single sign-on related technologies such as OpenID et. al.” (Mark van Reijn).
In this category we can find some enterprise level projects like “OpenSSO and OpenDS, both backed by a Open Source leader Sun” as signaled by Normand and some younger initiatives like OpenPTK, OpenConnector, “OpenAdaptor and LSC Project” reports Jim.

I want close this post with a comparison between open and closed software in IAM world. As expected there are two different points of views:

“Open source software might run well and cheap, but who to blame when it fails? Easier is to have a commercial solution and get the right support from the Implementation Vendor. I advise you choose a good implementation vendor that has resources and you know they will not close office because they don’t have money to operate” says Orhan.

“I have a preference towards open source software, mostly because of the “Free as in Speech” paradigm that it exists in. In the identity management space, without open standards the integration of the various types of identity will be difficult. OpenID, PKI, SAML and Information Cards all serve to identify individuals online and they all do it in a different way, these and others that emerge will best serve the community if they are open.
While IAM products have not been open sourced, some products such as BIND are indispensible and others, Linux, MySQL, Apache, Firefox, Wordpress are as fine as any commercial products. I am hopeful that Sun will open source its complete stack as their products are very good” counteracts Ross  Foard.

What is your opinion?

Tags: access management, connectors, digital identity, identity management, identity provisioning, identity synchronization, open source, openadaptor, opends, openptk, opensso, oracle, SUN

This is a personal blog. The views and opinions expressed here represent my own and not those of the people, institutions or organizations that I may or may not be related with unless stated explicitly.
My blog includes links to other sites operated by third parties. These are provided as a means of convenient access to you to the information contained therein. I am in no way responsible for the content of any other sites or any products or services that may be offered through other sites.

This entry was posted on Monday, November 9th, 2009 at 3:18 pm and is filed under Identity & Access Management. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.