Looking to keep its edge in the Web services (define) jungle, Sun Microsystems Monday released version 6.0 of its Sun ONE Identity Server software.
The platform is one of several that will allow end users to sign on once and have their passwords and other personal information accessible over several sites.
The upgrade from Sun ONE Identity Server's previous 5.1 version is a stand-alone product based on Java and XML specifications. But for the first time the Santa Clara, Calif.-based networking company has added the Liberty Alliance and newly ratified Security Assertion Markup Language (SAML) to its Sun ONE regimen.
"What we've done since the 5.1 version, is base the Identity Server on Java with JAAS [Java Authentication Authorization Service]," Sun Senior Product Marketing Manager John Barco told internetnews.com. "There are also new policy agents and new security mechanisms such as the ability to digitally sign audit logs. And you can sign and encrypt those, which is good for our customers that need a lot of security aspects built in."
Out of the box, Barco says version 6.0 allows for single sign-on for Web-based resources and centrally controlled access services. Flexible authentication mechanisms including LDAP, RADIUS, X.509v3 certificates, SafeWord token cards, and UNIX platform authentication services. The company says its APIs in C, Java, and XML allow the client to customize the system as well.
The software supports Sun's usual gang of operating systems including Solaris 8 and 9 as well as Solaris x86, but it also supports Linux Red Hat 7.2 (v6.1 only) and Windows 2000. The system is built to run best on Web or application servers, such as the Sun ONE Web Server 6.0, Sun ONE App Server 7.0 (v6.1 only), IBM WebSphere 4.0.3 (v6.1 only) and BEA WebLogic 6.1 (v6.1 only).
Pricing starts at $10 per user with volume-based discounts for customers not using its directory software. Sun says that is much less expensive than the competition. According research done in April 2002 by Gartner Dataquest, a business with 5,000 users and four platforms (Z/OS, NT, Windows 2000, and Unix) was paying between $14 and $35 per user for password reset/synchronization application software.
Released in July 2002, Liberty's specifications are different than SAML in that they define a standard for federation and single sign-on. Liberty uses SAML specifications in its bindings, assertions and exchange of assertions. Liberty also defines additional protocols, such as single logout, provider introduction, and federation termination.
Sun said the decision to add Liberty and SAML were no-brainers considering the company's involvement in both the Liberty Alliance and open standards. And even though Liberty was created to compete with Microsoft's Passport authentication service, the Redmond, Wash.-based giant has been working with Web services standards groups like the Web Services Interoperability Organization (WS-I) to ensure its software works with everyone else's.
"People are still taking a wait and see with Web services," said Barco. "Our customer base is broad including financial and manufacturing and there is not one type of vertical that is using our Identity Server more than the others. The problem set that everyone has is consistent across all enterprise. We would like to see the Liberty's specification remain an open standard. I think it's up to the founding members and not just Sun to decide that."
At this time Sun claims it has 75 customers in line for version 6.0.