Open source community crowdfunds plugin for 300 million Apache Web Servers

1
Open source community crowdfunds plugin for 300
million Apache Web Servers
Gluu announced today that its crowdfunding
initiative to develop two OAuth2 security plugins
for the Apache web server successfully tilted.
The first plugin will make it easier for web
developers to authenticate people using the
proposed OpenID Connect protocol, which is on
track to be adopted by large consumer services
like Google and Facebook, as well as by
organizations both large and small. The second
plugin will enable organizations to use the UMA
profile of Oauth2 to control access to web
resources.   We are thrilled about the success
of this crowdfunding initiative. It will enable
us to immediately engage the technical resources
to bring this important technology to market,
said Gluu CEO and campaign admin Michael
Schwartz. The web server plugin is a proven
design to secure applications. The approach is
easy for web developers to use, and leverages
open standards that free organizations from
vendor lock-in to proprietary security software
infrastructure. In addition to the
approximately 30 individuals who contributed to
the campaign, three pioneering companies stepped
in to provide two thirds of the funding.
2
The first was Falcon Consulting, Gluus exclusive
distribution partner in Japan and South Korea.
The second was Symas, the primary technical
contributor to the OpenLDAP platform. The final
sponsor was ForgeRock, one of the industrys
leading open source identity software
vendors.   OAuth2 promises to solve a handful of
federated SSO requirements that were only
partially addressed by earlier technologies like
SAML, said Schwartz. Open source OAuth2 client
software for popular web servers like Apache will
facilitate interoperability testing, and enable
us to prove out the feasibility of using OAuth2
for central authorization.   The crowdfunded
plugin will be donated to Kantara for maintenance
and marketing. Joni Brennan, Executive Director
of Kantara said, crowdfunding open source
software is a testament to the remarkable
individuals and organizations that define our
ecosystem. Hosting plugins that further open
standards for identity leverage Kantaras trusted
vendor neutral position. We look forward to
additional projects coming online in the
future. Today the web server plugin is the
most common approach large organizations use to
centralize authentication and authorization,
explained Masamichi Takahashi from Falcon Systems
Consulting.
3
We immediately recognized that an open source
plugin would help maintain reverse compatibility
with previous application integrations the
approach is similar enough to require minimal
changes to most applications.   Marty Heyman,
President at Symas, added this project is
complementary to Symas Open Source Access
Management Stack. Hopefully the Apache web server
is just a start, and well see plugins soon for
IIS, nginx and popular CMS and CRM platforms.
Making it easier for web developers to use OAuth2
will expand the market for everyone, while making
the Internet a safer placeits a win-win for
everyone. Native application developers will
still need libraries, but there are a lot of
websites out there that could really benefit from
the web server plugin approach.   This was
Gluus first foray into crowdfunding. Although I
wasnt surprised the campaign tilted, I was
surprised how it tilted, said Schwartz.
Individuals gave more than we expected. The
companies who we thought would benefit the most
from the software were on the sidelines. But in
the end, the open source companies stepped up to
the plate and enabled us to succeed.   About
Gluu   Gluu helps organizations design, build,
and operate authentication and authorization
(AA) systems to secure web and mobile
applications using open source software.
4
Gluu leverages open standards such as OAuth 2.0,
SAML, and RADIUS to enable organizational strong
authentication, enterprise single sign on, and
web access management (WAM). The OX open source
project, maintained by Gluu, implements two
profiles of Oauth2 OpenID Connect for
authentication and UMA for authorization. The
Gluu Server subscription is a managed service
that enables organizations provide standards
based access management for their Internet
domain, on the IAAS platform of their choice.
Gluus website is http//gluu.org