ESOE Beta 2 Release
So it seems like I only get a chance to write a post lately when we make a release. Thats not my intention with this blog its just the reality of how much work we are doing at the moment on ESOE and our next piece of software thats currently snaking its way through the development process.
So today we have ESOE Beta 2 and the Apache SPEP Alpha 3 code releases, naturally you can get it over at http://esoeproject.org.
Changes in this addition include several bug fixes, updates to the splash screen between services and the ESOE on initial authentication and support for the back/forward button to be used correctly in browsers.
Additional work for the ESOE itself will now focus on rewriting the ESOE Manager tool to take it from something usable by administrators in the short term to a proper management environment for all users.
We intend to release a Beta 3 in the future containing the new ESOE Manager environment and the Apache code as a single package, IIS will be rolled out initially as s standalone Alpha/Beta candidate series and rolled into the core distribution in the future when it makes sense to do so.
Overall the goal of an extremely solid 1.0 release is on track for early 2008. It may interest some of you to know that Beta 2 code is already being used in production by large clients, its certainly 1.0 level code, we'd just prefer to have more of the external pieces together before tagging it as such.
I hope to be able to write some more interesting technical level posts here soon, though first I have to get paper submissions for JavaOne, AusCert and a few others done and dusted.
Posted at 02:14PM Nov 12, 2007
in category General |
|
|
|
|
ESOE Beta 1 Release
I am extremely pleased to announce the Beta 1 release of the Enterprise
Sign On Engine.
This is a significant milestone with many issues which were raised as a
result of the Alpha releases and testing being resolved and rolled into
this release.
One of the really important new things for Java is that we now natively
build with Sun JVMs for Java 1.4, Java 5 and Java 6 which you'll see
reflected on our downloads page. We've also continued to extend support
for OpenID and Shibboleth.
A small sample of the new features and bug fixes:
* [CORE-13] - Update ESOE config to be stored in externally defined location
* [CORE-19] - Enable ESOE/SPEP combination to speak directly to backend
nodes in load balanced environment
* [CORE-20] - Introduce support for HTTP-Redirect SAML profile
* [CORE-24] - Have ESOE support common domain cookie SAML 2 impl
* [CORE-15] - Empty policy set in AuthorizationProcessorImpl causes
wrong behaviour
* [CORE-21] - Correct assignments to entityID field in metadata
* [CORE-22] - Safari and Konqueror fail to adhere to SSO redirect
We have also extended documentation significantly on the ESOE wiki, I
invite you to take a look around.
For our developers Ivy repositories are now updated to 0.4.0 (Beta 1).
Finally we've created an introductory video for the ESOE which is
narrated and takes you through exactly what the system can do.
As always downloads are available from:
https://esoeproject.org/confluence/display/eu/Downloads
We welcome you feedback on our Users and Developers groups,
http://groups.google.com/group/esoe-dev and
http://groups.google.com/group/esoe-users
Thanks to the core guys on our team you've done amazing work on this release.
Posted at 09:48PM Sep 14, 2007
in category General |
|
|
|
|
A blurry demo video
So no one would say I could direct a feature film with blurry video like the one I created below but it gets the job done for now.
The video shows off the ESOE combining Google Apps and its true single sign on modes.
You'll see it's using nothing more then a standard IE browser with no added configuration or software and an Active Directory connected workstation. The user can log straight into GMail etc, no password required. Infact this works for all services connected to ESOE, Google apps is just a special and little more "cool" case.
Beta 1 of ESOE is out Friday 14/9.
Posted at 08:59PM Sep 10, 2007
in category General |
|
|
|
|
wouldn't it be cool if.... ?
One of the various things we try to install in our software design is flexibility and accuracy of documentation so that when that inevitable "wow wouldn't it be cool if..." comes up from a customer, a partner or one of our very own team members we can actually respond to that idea fast to improve what we can offer.
It seems to me that this kind of responsiveness is a goal of many in the software field, though many seem to struggle to make it a reality which is a shame because the benefits of it to everyone involved with your software are enormous.
There is much you can do to make this a reality, but the best thing you can do in my opinion is regularly put such a "wow" idea into action and see how well your team is able to respond.
So although we are swamped with work right now (isn't everyone 24/7? these days) thats exactly what we spent the afternoon doing. At 2pm the Enterprise Sign On Engine was not able to undertake access control based on an action being applied to a resource, it could do lots of impressive decision making based around access to resources, but it was blissfully unaware tof the user invoking a read, a write, a pull, a push or any other action you care to think of a user performing on any given resource.
At 5pm the Enterprise Sign On Engine could do lots of impressive access control decision making for resources, only now it could also look at the action the user was undertaking (or potentially may wish to undertake) as advised by the SPEP and incorporate that into the decision process. Everyone can view but only a subset can write? No problem. Anyone can push data but you can only stream if your from a trusted federated partner or in the central administrators group? No problem. You can see a list of servers but you should only be able to see the ability write DNS changes when your access name is 'fred' (and of course actually carry out the DNS change action ;) ). Again no problem.
So for three hours work we're able to significantly enhance the value of the software, introduce more features into LXACML from its much bigger XACML brother, make it do something it was not intended to do and best of all not break backwards compatibility. Pretty damn nice. Best of all developers like to develop, we all like a challenge so it makes you feel good on a personal level.
Design well, code well, comment well, peer review well, unit test everything and regardless of workload just occasionally get that WOW idea in there and see how your team is really going, wouldn't it be cool if you knew everything was functioning really well :).
In other great news for us today our C++ implementations of SPEP are now functioning really well, Apache 2.0 is all but done and we'll be able to follow up our support for 1.3, 2.2 and hopefully IIS relatively quickly now. Apache 2.0 and Google Apps integration along with a number of bug fixes and improvements is making Beta 1 currently scheduled for late August look pretty nice, thats right no more Alpha, exciting times....
Time to get back to the work we're doing on our tools, I can't wait to show them off some in the near future.
Posted at 04:25AM Aug 09, 2007
in category Development |
|
|
|
|
Alpha 3, QUESTNet 2007
Just a quick note to let you all know that we rolled Alpha 3 of the Enterprise Sign On Engine on Tuesday evening.
This week I have ben at QUESTNet 2007 which is held in Cairns in Northern Queensland, Australia. I've enjoyed myself while here talking to many people and of course getting to show off ESOE on Wednesday afternoon.
I'll be focusing on some documentation over the next week so keep your eyes on the wiki.
Posted at 07:23PM Jul 12, 2007
in category General |
|
|
|
|
Dependencies, releases and my great team
So can I first up state for the record, I think we have some of the best people in the business working on the ESOE and other intient projects, Shaun, Andre, Paul your skills are outstanding you should be very proud of what you've all helped to build. Better still they managed to do this with me apparently at the helm, thats got to be worth extra bonus points :).
So ESOE Alpha 2 is finally out the door. We took an extra two weeks to speed up our release process now so that in future things are much more automated, some small pain and hold up now was worth the outcomes.
Alpha 2 brings a lot of new stuff to the table, you can read the release announcement here. The most exciting stuff and the biggest changes are actually only for developers, a release primarily targeted at developers... whats going on!. Its simple, we want to build a big strong open source community, by making the entry to development as easy as possible we hope that will happen a lot quicker. Developers we WANT you to HELP us with what we consider to be piece of software that will change the way authentication, access control and federation is done. Contact the development group to sign up, some of you already have and we welcome you. Of course if you want some details you can always email me directly
So what do I like the most in this release. Its a simple single word. IVY. We've moved the dependency management process entirely to Ivy, why not Maven 2 you may ask, thats a discussion for a different day, but Ivy is a godsend. Intient has even started hosting an Ivy repository which we'll open up for folks to use, of course if your doing ESOE development your able to use it now. We'll setup a request process in a few weeks time to get stuff added up there.
So with Ivy I can open up my eclipse development environment click an ant task and all my dependencies are downloaded from the web as well as the dependencies of the dependencies and so on. Better still if I want to overwrite something with a local version (lets say we have a local test build) it will take priority and flow around my system as if by magic without breaking the other guys stuff. It's also helping us with our continuous integration efforts. A new release of JAXB comes out for example, we can throw it up onto our server and on the next run of the CI server know if its going to cause us any problems should a client need to upgrade for some reason before we support it officially.
Our releases are now all automated as well, we may do some continued fine tuning in that department but again Ant combined with Ivy makes rolling out our releases very clean now, I can build an entire ESOE release (including SPEP) in about 15 minutes now. That was about a day previously to get all that together. Ivy also gives us very nice reporting so clients can easily see what binary versions of jars we have shipped them, so if you wish to manage jars with say jpackage that becomes a hell of a lot easier.
The wiki has been overhauled and now looks very slick with some documentation additions as well. ESOE Manager is currently getting the treatment behind closed doors. Right now to be perfectly blunt the support for editing policies sucks, no one wants to deal in raw XML, not even a code freak like me :). The new version of this stuff based on the designs we currently have will radically enhance policy management. Look out for some other LXACML policy additions as well, the PDP is about to get even more powerful then it already is.
In other project news Irukandji continues to come along at a cracking pace, I am pretty impressed with what it can do today. What it will be able to do when some slick web interfaces are added over the top will be really powerful. Stay tuned.
Posted at 06:11AM Jul 05, 2007
in category Development |
|
|
|
|
intient downtime, next release of ESOE
So we had a little downtime on some of our hosted tools today due to an upgrade of a couple of pieces of software including our blogging engine. All went well and we've been nice and stable since. If your having any problems drop our support group a quick note, they'll get onto it.
So ESOE wise we're preparing the 0.2 release at the moment, lots of new stuff to discuss which I will blog about next week when we let it go. It was planned to send it out today but with the requirement to update software on the core server and some additional work being undertaken for 0.2 we've decided to hold it back until Tuesday. However all the best pieces are already in the SVN development branch so if your super keen you can jump ahead of the pack :).
We've been discussing some plans internally for the future and along with a project being led by Paul Stepowski we're going to start building a very nice piece of complimentary technology for the ESOE, which we believe will help take this concept of federated services even further, stay tuned.
Its also probably well known that we don't use Maven. We have our reasons after evaluating it thoroughly, though we won't go to far into why because its still a project thats got much appeal for many developers. Having said that we are going to formalize the way we do Java / C++ development into a set of processes that others can follow because I am getting more and more requests for this. We intend to make this open a s well just like everything else we do. If the need is there we'll even offer some consultancy type stuff around it in the future, we'd certainly like to think our experience can help others to build great software solutions (open or closed). Drop me a note if you'd like to register some preliminary interest in that for your development team.
Posted at 01:29AM Jun 16, 2007
in category General |
|
|
|
|
Back to Australia
So I've been back from the US about 48 hours now, I think about 40 of those hours however I have been asleep, plane trips really muck around with my body clock.
I learned a lot on this trip and met a lot of great people. Everyone I met in the US was extremely friendly and welcoming which made things a lot easier. I would like to thank everyone I dealt with at JavaOne, IIW, Google and Stanford you've all taught me a lot.
It seems the ESOE has been starting to make its way around various groups with downloads increasing daily now, I would like to continue to invite you all to join the users and developers groups as approproiate. For our part we're back hard at work on the Apache and IIS integration code and we hope to have this available by mid June. The base C++ SAML 2 code should be available later today in the development ESOE branch.
I'll make a post and subsequent wiki entry in the next few days about how we manage our SVN, its different from what I consider the "mess" of other uses in that we always keep our trunk buildable and have a development branch, slight difference that folks just need to be aware of.
Issue tracking for ESOE is now live and you'll see Fisheye and other technologies coming online in the next few days. We'd like to thanks Atlassian and Cenqua for licensing this technology to our projects as part of their OSS strategies.
Posted at 08:00PM May 21, 2007
in category General |
|
|
|
|
IIW 2007
So IIW 2007 wrapped up yesterday and I had a great time speaking with many people in the User Centric identity space, something which I think with much caution we can successfully use in the enterprise space, which is one reason the ESOE supports openID.
Lots and lots of presentations on OpenID many of which I didn't attend due to my interest in other presentations that conflicted but it seems like most folks where around to get upto speed on what OpenID offers.
Some very interesting presentations from Higgins and XRI guys. I see some interesting parallels between what the higgins guys are trying to do and what we've done with the ESOE also some opportunity for us to leverage their Java implementations directly in the ESOE so thats very nice. In fact I've agreed to do exactly that with some of their attribute transfer technology in a few months time, the complimentary eclipse/apache licensing also helps out here.
Thanks to everyone at IIW was nice to meet so many of you.
Posted at 07:00PM May 16, 2007
in category General |
|
|
|
|
JavaOne is done, time for IIW
So JavaOne closed up on Friday night, a truly great 4 days, if your in Java development I highly recommend you get involved next year, the dates are out already for next year, May 6 - 9 so mark your diaries.
Yesterday I went for a tour to Alcatraz and got to do some tours with the US NPS guides who had so much informative background details on the island from 1847 till now, truly great stuff. Some of the secret tunnels they showed us were great. Later on I took the Alcatraz audio tour, where you walk around the prison with headphones and previous prisoners and guards narrate. I can only imagine how it would have been to be in this place, cold, dingy, dark and small are only some of the words that get conjured up when I think back on my few short hours there. I recommend this to anyone traveling t San Francisco. Don't get caught http://www.alcatrazcruises.com/ are the only company that can actually take you right onto the island itself the others just cruise around it.
I've just got off a 1 hour train ride from San Fran to Mountain View, bringing 40kg of luggage, multiple bags and my new toy (more later) was a real pain.
This week will be even more interesting I think with the internet identity workshop, really looking forward to seeing what these folks in the user centric arena are doing.
Mountain View is beautiful and more importantly WARM :).
Posted at 06:29PM May 13, 2007
in category General |
|
|
|
|