New Juju application security framework Committee formed with Gluu, ForgeRock and Canonical
Seven leading identity and access management organizations collaborate with Canonical to make it easier to secure applications with open standards like OpenID Connect.
London, UK, March 26, 2014 — Gluu and ForgeRock, leaders in open source application security, today announce they will lead the Juju Application Security Framework Design Committee. The Committee, originally set up by Canonical, the organization behind Ubuntu, will develop a standards based application security tool to enable organizations to define, configure and deploy services to any cloud quickly and easily.
The Committee will define the relationships needed to enable orchestration between applications and common security components, like user provisioning systems, authentication services, and API access management. Where possible, the Committee will leverage existing standards and best practices. For example, OpenID Connect is likely to be adopted for authentication, the Simple Cloud Identity Management (SCIM) API for user provisioning, and the User Managed Access protocol (UMA) for API access management.
“The JuJu labs project will enable businesses of all sizes to implement an enterprise grade security infrastructure,” said Michael Schwartz, CEO of Gluu. “Our vendor agnostic and interoperable approach will support open source, SaaS and commercial applications. We want to give domains as much flexibility as possible to choose a security solution that makes sense for their requirements, and to integrate a wide array of applications quickly and easily. Canonical is a clear industry leader in orchestration, which is key to driving down the cost and complexity of domain security.”
“By providing a standard Juju framework for application security,” said Lasse Andresen, ForgeRock CTO, “we can reduce the “last mile” cost that organizations face when securing an ever-expanding array of websites and mobile applications. Driving down the deployment and operational costs are essential for improving security on the Internet.”
DevOps and sysadmins can use Juju ‘Charms’ to quickly deploy sophisticated applications to a number of different platforms including bare metal servers, container technologies such as LXC or Docker, public cloud platforms like Amazon EC2 and Microsoft Azure as well as private cloud infrastructures. Juju understands the relationships between the services that make up an application architecture, which means it can easily deploy, manage and scale environments in a consistent manner irrespective of the deployment platform. The new security framework would make it easier for developers to move away from managing user accounts and for domains to offer stronger authentication and trust elevation.
“At Ubuntu, we want to enable instant single sign-on and strong authentication,” said Maarten Ectors, Cloud Strategy Director at Canonical. “Juju is a potential game changer that could have a significant impact on how organizations design and deploy a cloud infrastructure that scales to meet modern security requirements.”
Juju provides both a command-line interface and an intuitive web app to design, build, configure, deploy and manage a cloud infrastructure. Juju Charms define applications as services, and there are 100’s of Charms already created and ready for use.
Gluu is an Austin, TX startup whose open source authentication and API access management stacks helps companies secure Web and mobile applications. Gluu leverages standards such as OAuth2, OpenID Connect, UMA, SAML 2.0, and SCIM to enable federated single sign-on (SSO) and trust elevation. The Gluu Server is used by universities, government agencies, and companies to secure employee facing and consumer network services.
ForgeRock, the fastest growing identity relationship management vendor in the world, is building secure relationships across the modern Web. Focused on using online identities to grow revenue, extend reach, and launch new business models, ForgeRock’s Open Identity Stack powers solutions for many of the world’s largest companies and government organizations. Founded in 2010, ForgeRock’s leadership team brings 80 combined years of experience in the software industry and includes open source icons and innovators, with investors from two of the leading global venture capital firms — Accel Partners and Foundation Capital.