Building Identity Trust Federations Conference Call

November 16, 2011

1) In Attendance

  • Suresh Balakrishnan (University System of Maryland)
  • Mark Beadles (OARnet)
  • Joseph Giroux (California Community Colleges)
  • Gary O’Neill (Fischer)
  • Paul Schopis (OARnet)
  • Michael Schwartz (Gluu)
  • Kyle Stierwalt (FSU)
  • Randy Stout (Kansas Board of Regents)
  • Valerie Vogel (EDUCAUSE)
  • Ann West (InCommon)
  • Steve Tillery (Fischer)

2) Michael Schwartz, Founder and CEO of Gluu, www.gluu.org

  • Gluu started in 2009 with the intent to build an Identity Provider (IdP) appliance that’s easier for people to use.
  • Initially based on Sun products, they decided to find a new SAML platform. Michael spoke to people at InCommon and they convinced him that it would be beneficial to switch to Shibboleth. It’s been a great platform for them to base their appliance on.
  • The Gluu Identity Appliance is an identity virtualization service that they manage. (Although it’s referred to as an appliance, it’s more like a “virtual appliance” since they don’t sell any hardware.) Gluu uses a config tool called Puppet to standardize installation and management of the IdP.
  • A GUI was built on top of the appliance, which drives down their cost of managing the IdP.
  • Supports custom authentication.
  • Uses a virtual directory server.
  • This puts a directory service layer between the federation service and the LDAP server.
  • Creates one combined view of Active Directory and LDAP.
  • Provides a consistent approach to naming across all of Gluu’s customers. They have a very stable identity implementation that looks the same to all customers no matter what they deploy on.
  • Michael showed a demo of the management console for the Gluu Identity Appliance.
  • Once attributes are created, you can establish trust relationships.
  • If you’re in a federation, then you already have the metadata for the Service Providers (SPs) and you can quickly establish the trust relationships and decide which attributes to share.
  • It’s like a quick start for a website within your organization that may not have Shibboleth yet.
  • They built a GUI for managing certificates (SSL and self-signed certificates used by the IdP). The process is automated.
  • Federation hosting is an optional feature. The Identity Appliance gives you the ability to create a federation.
  • They also monitor appliances and collect data. Customers can view the data and generate reports. You can drill down on issues and do SLA reporting on the appliances. They have different SLAs for server outages, etc.
  • Gluu offers two versions: a public cloud version (hosted on a public rack space – $150/month) as well as a private cloud version (customer provides VM, memory, bandwidth, etc. – Gluu just provides the management). Implementation for the private cloud version takes approx. 2-4 weeks. After the initial install, it becomes more routine and logistics are easier.
  • Once you register your organization, you can begin to register IdP appliances online via the public cloud version. Basically, you can begin to deploy almost immediately (it takes approx. 10 minutes).
  • Michael is seeing interest in the market. Most of the opportunities they’re seeing are for new installations or installations where the operator has installed an IdP and joined InCommon, but they don’t have a lot of (human) resources.
  • Gluu is active in an open source effort (OX Project, http://ox.gluu.org). They are moving the Shibboleth management piece into oxTrust. If anyone is interested in working on or contributing to this product, your participation is welcome.
    • The goal of the OpenXDI (abbreviated “OX”) project is to write tools that implement the OASIS XDI 1.0 graph model. The OX project maintains an open source XDI server, related tools and libraries. Standards such as XDI will be needed for Internet-scale data interoperability.
    • OX projects include: oxServer, oxAuth, oxTrust, and several others…
  • Mark (OARnet): Interesting food for thought. Good approach they’re taking – both the product and some of the projects they’re working on.
  • Gluu is also looking to find partners in adjacent markets. They’re looking to work together with Fischer and others if and when possible to help get the word out. Gary plans to speak with their technical team and then follow up with Michael.
  • Pricing is public and available on the website: www.gluu.org. They offer an educational discount.
  • If you have any follow-up ideas or questions, please feel free to contact Michael directly.