Open source SSO lands in spotlight

* Japan's NTT Docomo offers OpenID authentication; MetPass SSO now open source

Last week was a really big week -- perhaps the biggest ever -- for open source simplified signon in general and OpenID in particular.

Last week was a really big week -- perhaps the biggest ever -- for open source simplified sign-Ope on in general and OpenID in particular.

First, NTT Docomo, Japan's largest mobile service provider (with over 50% of the population as customers) started offering OpenID authentication. For quite some time the company's users had been SSO-ing (and one-click shopping) with their mobile phones using something called i-modeID. But this was only on their mobile devices. PCs needed to use a separate authentication application called "docomo ID" -- but that was totally independent of the I-modelID. It was, essentially, two very large silos.

Not any more.

Beginning last week, a user can now authenticate to a site using their docomo ID, which has been transparently transformed into an OpenID. The site can then obtain that user's "i-modeID," which is now linked to the "docomo ID" transparently. It's expected that this should drastically accelerate the use of i-modeID payments from PCs. That's new OpenID's for over 55 million Japanese NTT docomo customers.

I've wondered when the discussion about cloud computing would reach the "suite vs. best-of-breed" debate. Google's announcement last week should bring that to a head in a hurry.

Google announced The Google Apps Marketplace, essentially a retail storefront as well as a set of APIs that enables a bundling of tightly integrated software-as-a-service applications from multiple (and there are a lot of them) vendors. As Chris Ceppi reported: "The apps demoed last night represented a range of business processes from Intuit's payroll to Atlassian's product management to a force.com CRM app from Appirio -- all showed seamless integration with Google Apps such as Gmail, Calendar, Chat and all kept the user completely in the browser for all tasks." But, for us, the really big point is that they'll all be tied together by openID. The user needs to authenticate to a Google account once, then seamlessly move from application to application no matter whose it is, no matter where it is. Google apps might not have millions of users today, but with moves like this it might not be too far away.

Not quite as momentous, and having nothing to do with OpenID, another SSO service was released into the wild as open source. I was really amazed by MetaPass SSO when I saw it two years ago ("MetaPass' single sign-on package enables administrators to create scripts visually") and now it's open source. Windows, Mac, and Linux executables and source-code of MetaPass SSO are available for download on the MetaPass Web site and on major open source Web sites (such as SourceForge). MetaPass is definitely an enterprise (not a consumer, or "user-centric") SSO solution. If you are friendly with "roll your own" software for your organization it's definitely worth a look.

Learn more about this topic

OpenID: User-centric identity

Google Apps Marketplace brings cloud services together

Three benefits and a warning for Google Apps Marketplace
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2010 IDG Communications, Inc.

IT Salary Survey: The results are in