Title: Gluu’s IDnext 2013 Novay Digital Identity Award Submission
1 Gluus IDnext 2013 Novay Digital Identity
Award Submission
- Gluu started the OX project in 2010. The goal was
to open source portions of Gluus commercial
identity platform. -
- Since that time, the project has become one of
the most comprehensive implementations of The
OpenID Connect profile of OAuth2. -
- The fifth OpenID Connect Interop is going on
right now, and Gluus server is expected to have
an equally strong showing. Current results
compare favorably with other participants. The OX
project provides a much needed administrative
interface for the Shibboleth Identity Provider
(IDP), which Gluu uses as part of its identity
stack to provide SAML federation capabilities. -
- In 2012, Gluu added support to OX for the UMA
profile of OAuth2. In fact, Gluu defined and
Implemented a new use case for UMA, which was
developed into a case study called Access
Management 2.0 for the Enterprise. This case
study, which was one of the most visited sites at
Kantara after its release, helped to accelerate
market interest in developing UMA technology.
Currently an UMA Interop is planned for early
2014 with Gluu, Forge Rock and others
participating. -
2Recognizing that an easier approach was needed to
enable web developers to use the OpenID Connect
and UMA profiles, Gluu launched a Crowd Tilt
campaign to fund plugins for The Apache web
server. This effort was successful, and not only
raised money for open source development, but it
raised awareness for OpenID Connect and UMA.
Developers are engaged, and coding is under way
for these plugins. Gluus entrance into the
market promises to bring down the cost for
organizations to use identity provider saml. Gluu
is seeing adoption in the US, Europe, the Middle
East, and Asia in the government, education, and
commercial sectors. The platform is particularly
good for large B2C SSO deployments. For example,
the State of Texas is rolling out a system for 3
million K12 students. OX is under consideration
to revolution voting in two countries. While
people might not see the OX platform, it may
enable some of the authentications and
Authorizations behind the scenes for new web and
mobile services. Gluu has also been on the
forefront of introducing new standards to OpenID
Connect to Support multi-party federation. These
endpoints are already supported in the OX
project. One of the most significant innovations
in the OX project was the use of interpreted
scripts to enable organizations to customize the
behavior of their IDP.
3Gluu enables five different Interception points
that enable domains to use simple Python scripts
to implement very custom workflows to meet the
needs of their organization, especially for
authentication and authorization. In previous
access management platforms, you could use Java
or C to customize behavior. But it was hard for
many system administrators to compile and deploy
changes to business logic. The OX interception
approach makes it much easier for organizations
to use new authentication technologies and to
implement federated authorization policies. OX
was designed from the ground up to be easy enough
for small domain installations, butto scale to
large B2C requirements. It supports clustered
deployments for maximum business continuity. The
application is statelessno sessions are usedand
uses LDAP as the underlying persistence layer, as
is common with many other access management
suites. In addition to the OX server software,
the project also publishes client software. In
fact, the OX OpenID Connect RP is used by many of
the participants to test their implementation. A
The OX platform represents one of the most
significant new additions to open source access
management software since the release of
Shibboleth and Open SSO, both of which occurred
many years ago. Additional, optional, material
clarifying the submission, if any The Gluu
Service is based on OX software. There are many
videos with demos available at Motivation why it
qualifies for the award (max. 500 words)
Supporting new protocols is not just a race to
implement the most endpoints.
4We set out to write the OX software because we
couldnt train Gluu engineers to modify XML files
by hand. We needed something that was easier and
less error prone. OX has become one of the most
usable and flexible access management platforms
available. Gluu uses the OX software to deliver
a utility access management service to
organizations. But we made the software available
under the MIT license, which enables
organizations to embed or use as they see fit.
The goal is to make access management available
to many more organizations, not just those large
enough to purchase expensive commercial identity
/ access management suites. No one benefits if
a domain does a bad job of authentication and
authorization. To make the Internet a safer
place, we need to make open source tools
available, not just expensive commercial tools.
OX is a step in the right direction, and it would
be really helpful to get recognition for the work
weve done which made the OX releases of 2012
possible. We cant spend 4,500/day on
pay-per-click like some of our competitors, so
awards like this really help generate the buzz on
the Internet that drives adoption of the
technology. Internet adoption of OpenID Connect
and UMA for authentication and authorization
could have a massive impact on privacy. In fact,
these core services are the coral reef, from
which a whole ecosystem of privacy protecting
technologies, networks, and technologies can
develop. Other work that Gluu has contributed to
includes graph technology to enable people and
organizations to share data. We decided to focus
on authentication And authorization, because we
realized that without it, there was no way to
share data in a Scalable privacy protecting
manner. Article resource-http//www.blogster.co
m/thegluuserver/gluu-started-the-ox-project-in-201
0-the-goal-was-to-open-source-portions-of-gluus-co
mmercial-identity-platform