A hallmark of the open source software community is the opportunity for IT executives to get close to developers and influence product development. Goodwill Industries International helped drive the security overhaul of the new version of open source Liferay portal software, expected to be announced the week of April 10.Liferay Portal 4.0 lets individual users, groups and guests have portlet-level permissions. Administrators can set or restrict access to portlets and portlet objects, as well as delegate access authority to others.\u201cNot only did we add the security component, we rewrote every piece to hook into that security mechanism,\u201d says Brian Chan, founder and chief software architect of Liferay. \u201cBefore, it was set based on roles, and how you defined a role had to be customized between different implementations. Now every object in the system has a set of permissions, and you can manage all that through the GUI.\u201dThose features are critical to Goodwill, which runs job training and career services for people with disabilities, those on welfare and others in need. Liferay Portal 4.0 gives Goodwill more sophisticated control of security settings than was available in earlier versions, says Steve Bergman, chief information officer at the Rockville, Md.-based nonprofit organization. \u201cWe can assign security rights to individuals or put them into security groups so they have access to components that are appropriate for their activities in the portal.\u201dIT staff also can delegate administrative tasks to local Goodwill locations so managers in the field can control their own group\u2019s access privileges, says Michael Shollenberger, program manager at Goodwill.Key to the overhaul is that Liferay didn\u2019t sacrifice the stability or performance of the application in the redesign of the security framework, Shollenberger says. \u201cIt\u2019s tough when you build an application and then need to revisit the granularity of the security model,\u201d he says. But Liferay managed to overhaul the security framework without degrading performance or sacrificing stability of the product, he says.Opting for open sourceGoodwill started designing its portal, known as MyGoodwill, about two years ago. \u201cThere was a need within Goodwill to find a way to help the organization collaborate and share best practices,\u201d Bergman says.The organization considered commercial, off-the-shelf portal products as well as open-source products when it started searching for a portal platform. \u201cWe knew we wanted to head down the Java path, based on our internal capabilities and our team\u2019s expertise. But we didn\u2019t know that we wanted to go open source,\u201d Bergman says. After fleshing out its business plan and doing a cost-benefit analysis, Goodwill settled on Liferay.\u201cOur implementation costs \u2014 to get the application up and running and do the initial integration \u2014 are easily a third of what it would have cost us had we gone with [an off-the-shelf] product,\u201d Bergman says.Not having to pay for software licenses let Goodwill dedicate more funds to integrating the portal platform with its back-end systems, including its Microsoft SQL Server database, e-mail system, and online training applications from Saba.Six months after its initial deployment, MyGoodwill has about 6,000 active users and Goodwill is rolling it out to larger parts of the organization on a controlled basis. The portal is designed to accommodate as many as 100,000 users, Shollenberger says.Using open source software for a mission-critical application is new to Goodwill. \u201cI looked at this as an option a couple of years ago, but I just didn\u2019t feel like the industry was mature enough back then,\u201d Bergman says. But the open source community has grown and matured a lot in the last two years, he says.\u201cTo develop an enterprise application of this magnitude in open source was taking a little bit of a leap of faith. But we\u2019ve been very pleased with the effort,\u201d Bergman says.Goodwill\u2019s experience with Liferay could lead to more open source deployments down the road, he says. \u201cGiven this, I don\u2019t look at any new platform without also putting it side-by-side with the open source alternative.\u201dStandards supportAn additional feature in Liferay Portal 4.0 is the ability to post pages and objects with public and private viewing properties; private pages are password-protected. Added taxonomy features in Liferay Portal 4.0 let users create sub-portals within the corporate portal for a company division or branch office.The portal conforms to the JSR-168 portal API, a standard designed to simplify integration among portal elements. In Version 4.0, Liferay has added support for the JSR-170 standard for content management systems (CMS). \u201cOne team could be using one CMS tool, another could be using another CMS tool, but the aggregator \u2014 the portal \u2014 can contact both of them in a standards-compliant fashion and display the data,\u201d Chan says.In Version 4.0.1., Liferay plans to add support for a workflow portlet that integrates with the open source Java business process management engine, Chan says.Liferay offers Professional and Enterprise versions of its portal software. The Enterprise version lets users cluster portlet transactions across multiple servers. Both versions are freely available under an MIT license. Optional support, training and professional services are available from Liferay.