Sun staff writer Marina Sum interviewed Jamie Nelson, director of engineering for access and federation management at Sun, to learn his views on security as it pertains to application development on the web. This interview is part 1 of six, each with a different individual and all part of the From the Trenches at Sun Identity series.
Providing for identity in the development of web applications often gets short shrift, according to Nelson. Concerns such as logic and UI so often preoccupy designers that not until the last minute do they give any attention to the tools that will be used for verification and authorization of access, which maintenance tasks are implied, and whether federated identity can be used.
The result is either a cut-and-paste approach using community code or a hurried DIY job that produces siloed applications, each with its own identity infrastructure, that act as obstacles to single sign-on (SSO), he asserts. As an alternative to this harried, patchwork approach, Nelson recommends using Sun Java System Access Manager to centralize security with SSO.
Even so, Nelson sees SSO as somewhat outmoded, given the growing interest in using robust federated access management solutions. He sees companies increasingly insisting that their developers incorporate security seamlessly and fold it into web-service environments.
Java Access Manager can accommodate applications that serve both internal and external customers, Nelson observes, providing federated identity across an entire enterprise. This makes the solution useful even to companies that outsource operations.
"That's the current state of SSO," Jamie told Sum. "Doing business outside the firewall while ensuring security and privacy is what federation is all about."
Clearly, Sum writes, Nelson believes in building access management into the developer's work from the outset. Otherwise, the silo situation mentioned earlier is the predictable result. He suggested that developers use Access Manager or OpenSSO or, as an alternative, the Java Application Platform SDK. Doing so, he says, helps avoid high maintenance overheads and makes life easier for everyone.
Sum includes some useful references at the end of the interview, including: