Sun Microsystems Inc. today announced it will turn over the code for its Web-based single sign-on authentication technology to the open source community.
"Open sourcing is not about giving code away for free," said Sun Executive Vice President John Loiacono in announcing the initiative at the Burton Catalyst Conference here. Instead, he said the company was releasing the source code for WebSSO under Sun's Common Developer and Distributed License program to stir community and innovation in the Web and identity management arena. This also allows Sun to help decide which innovations are worth testing for further development. "What we're trying to do is change the level of the conversation."
Immediately following the announcement, users expressed tempered enthusiasm, believing developers will enjoy digging through the code and finding ways to improve its use as an authentication tool, but also wondering if there's a catch. Some openly questioned whether this was more of a marketing ploy to help Sun seed more products and visibility in the marketplace since releasing WebSSO, to now be known as Open Source Web Single Sign-On, to a broader audience could also help push other ID management tools in its arsenal.
Loiacono emphasized during his session that Santa Clara,Calif.-based Sun wasn't dropping its proprietary rights because the technology, part of its Java System Access Manager software, had lost its value. "This is a revenue-generating product for Sun,"
To gain a competitive edge against the Linux and Windows operating systems, Sun last month announced it would turn over code from its Solaris operating system to the open source community. OpenSolaris includes the core OS, system libraries and commands. The software giant followed that feat by forking over code for its Java System Application Server Platform Edition 9.0 and the Java System Enterprise Server Bus (ESB) at the recent JavaOne conference.
Loiacono said Sun will continue to support WebSSO and foster community-building through open-source forums designed to examine and enhance the code.
"We anticipated the move," noted Michael Blackin, chief security architect for Oracle Corp., "and it re-enforces to us that single sign-on as a component of identity management is a commodity, and that the real value that people get is out of the identity administration side."
Documentation and sample code is now available on a Sun Web site. The full code will be available in early 2006.