Tuesday, June 7, 2011

Some Thoughts on IdM, SSO, SAML and CAS

We are having a hot summer here, so sharing clever thoughts has become challenging for me. Nevertheless, I would like to write a few words on a topic that can be summed up in two words: "Identity Management".

Based on my last experience of diving into the world of the unknown, or in other words "the experience of hardening my knowledge base", I'm starting to redefine my learning principles. Earlier I held the opinion that the best, yet structured, way to learn something big and new is to find a new book (a "bible") and read it from cover to cover. Only after such hard reading, with hands-on exercises, could one form some conclusions and feel more comfortable in that new area.

I followed this path last time as well and I have read the whole book: "Identity Management: Concepts, Technologies, and Systems".

And ... I don't feel much more clever now :)

The fact is, the book offers an in-depth understanding of how to design, deploy and assess identity management solutions. It provides a comprehensive overview of current trends and future directions in identity management, including best practices, the standardization landscape, and the latest research findings.

But this book is too theoretical and overly one-concept-oriented. Note that while reading this book you will sooner or later bang your head against the wall called "SAML" :)

I'm not saying that SAML is bad, or even that it is not worth reading about, etc. I'm just saying that the book gives the concept of IdM too narrow a description (you could learn even more about SAML from Wikipedia and its references).

I'm just asking myself silently: where are the chapters about the other SSO and IdM solutions and protocols, e.g. CAS, JOSSO, Athens, OpenAM? ;)

After finishing this book I was still hungry for knowledge about IdM (especially about SSO solutions), so I went googling for more. In the end I was more than happy with the results. I found plenty of articles about CAS usage and, what is more interesting, I came across the "CAS and APEX integration" tutorial.

I have worked through the whole example and I must say that CAS integrates smoothly with APEX. Moreover, the author gives further good advice on APEX, open web solutions and hardening, e.g. using ModSecurity.

Never stop searching :) and, despite the bad experience with the last book, next time I will try to search for a better "bible" ;)

P.S. If you can do something smoothly with APEX (in this case CAS integration), you will be able to do it with Java and so on.

Disclaimer: I did not get paid to review this book, and I do not stand to gain anything if you buy the book. I have no relationship with the publisher or the author.

1 comment:

  1. Hi Alqis,
    a very interesting post.
    Do you have experience in implementing CAS (Central Authentication Service) SSO for APEX 4.x over Oracle HTTP Server?
    I think mod_owa is not necessary and I don't know how to configure it.
    My email is: marcbattle10@gmail.com
    Thank you!