Open source community crowdfunds plugin for 300 million Apache Web Servers
Leading open source identity and access management companies join 30 individuals to crowdfund OAuth2 plugins for Apache web servers.
September 10, 2013 – Austin, TX — Gluu announced today that its crowdfunding initiative to develop two OAuth2 security plugins for the Apache web server successfully “tilted”. The first plugin will make it easier for web developers to authenticate people using the proposed OpenID Connect protocol, which is on track to be adopted by large consumer services like Google and Facebook, as well as by organizations both large and small. The second plugin will enable organizations to use the UMA profile of Oauth2 to control access to web resources.
“We are thrilled about the success of this crowdfunding initiative. It will enable us to immediately engage the technical resources to bring this important technology to market,” said Gluu CEO and campaign admin Michael Schwartz. “The web server plugin is a proven design to secure applications. The approach is easy for web developers to use, and leverages open standards that free organizations from vendor “lock-in” to proprietary security software infrastructure.”
In addition to the approximately 30 individuals who contributed to the campaign, three pioneering companies stepped in to provide two thirds of the funding. The first was Falcon Consulting, Gluu’s exclusive distribution partner in Japan and South Korea. The second was Symas, the primary technical contributor to the OpenLDAP platform. The final sponsor was ForgeRock, one of the industry’s leading open source identity software vendors.
“OAuth2 promises to solve a handful of federated SSO requirements that were only partially addressed by earlier technologies like SAML,” said Allan Foster, VP of Technology and Standards at ForgeRock. “Open source OAuth2 client software for popular web servers like Apache will facilitate interoperability testing, and enable us to prove out the feasibility of using OAuth2 for central authorization.”
The crowdfunded plugin will be donated to Kantara for maintenance and marketing. Joni Brennan, Executive Director of Kantara said, “crowdfunding open source software is a testament to the remarkable individuals and organizations that define our ecosystem. Hosting plugins that further open standards for identity leverage Kantara’s trusted vendor neutral position. We look forward to additional projects coming online in the future.”
“Today the web server plugin is the most common approach large organizations use to centralize authentication and authorization,” explained Masamichi Takahashi from Falcon Systems Consulting. “We immediately recognized that an open source plugin would help maintain reverse compatibility with previous application integrations — the approach is similar enough to require minimal changes to most applications.”
Marty Heyman, President at Symas, added “this project is complementary to Symas’ Open Source Access Management Stack. Hopefully the Apache web server is just a start, and we’ll see plugins soon for IIS, nginx and popular CMS and CRM platforms. Making it easier for web developers to use OAuth2 will expand the market for everyone, while making the Internet a safer place–its a win-win for everyone. Native application developers will still need libraries, but there are a lot of websites out there that could really benefit from the web server plugin approach.”
This was Gluu’s first foray into crowdfunding. “Although I wasn’t surprised the campaign tilted, I was surprised how it tilted,” said Schwartz. “Individuals gave more than we expected. The companies who we thought would benefit the most from the software were on the sidelines. But in the end, the open source companies stepped up to the plate and enabled us to succeed.”
Gluu helps organizations design, build, and operate authentication and authorization (“AA”) systems to secure web and mobile applications using open source software. Gluu leverages open standards such as OAuth 2.0, SAML, and RADIUS to enable organizational strong authentication, single sign-on (SSO), and web access management (WAM). The “OX” open source project, maintained by Gluu, implements two profiles of Oauth2: OpenID Connect for authentication and UMA for authorization. The Gluu Server subscription is a managed service that enables organizations provide standards based access management for their Internet domain, on the IAAS platform of their choice. Gluu’s website is http://gluu.org