If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

SAP plugs a significant gap - acquires MaXware | MWD

MaXware are one of the market leaders in the directory virtualisation space (although they actually provide many other identity solutions, it’s fair to say this is what they are best known for!) competing primarily against Oracle with the former Octetstring product and Radiantlogic (disclaimer: my employer is a partner of both those companies) so I find this particularly interesting news. The entrance of SAP into the identity management space is potentially a warning shot to other providers - as Neil Macehiter points out in his post he predicted previously that SAP would enter the market through the purchase of Ping Identity (again, another company I work closely with).

SAP solutions, since they are so commonly used in enterprise, are often the focus of identity management projects and their entrance into this space should only serve to accelerate integration and push identity into the thoughts of enterprise architects.

ADDENDUM @11.03 18/05/2007: Lori Rowland (of the Burton Group) has a commentary focusing on the SAP/Oracle relationship/rivalry and the implications of this acquisition on it.

Sun may never set on British Empire’s pint | The Register

A victory for common sense above all else - although one of the things that makes us British is our quirky attitude towards the metric system!

Although I’m in my (early!) thirties and was born after the supposed metrication of Great Britain I still use imperial measurements often during every day life - I’m 5′10″ tall, milk (and more importantly beer!) comes in pints, my commute to the office is eight miles and bags of sugar are one pound in weight. There are some oddities - I weigh about 80 kilos, although my recently born nephew (congratulations to Mark and Louise, by the way!) weighed 7lb 9oz at birth and we buy fuel in litres (I was too young to drive when gallons were used to sell fuel and this creates the interesting situation where economy is calculated as miles per litre). This probably seems to strange to everyone in those countries who use one system or the other exclusively, but I (and most of my countrymen, I suspect) don’t care.

The most important point about the ruling is that it doesn’t actually matter what the unit of sale is - if someone wants to label a bag of onions as 1lb and 454g in weight then it suits everyone - someone who works in metric only will understand the quantity and those who work in imperial measures will also understand and be comfortable with it. Sure, the quantities may not be rounded to some arbitrary number, but that seems to be the conjecture of the people who want to force systems upon us. Just because a system is based upon the number ten it doesn’t mean that everything has to fit into nice rounded numbers of ten, 100 or 1000! At least our traditional units actually mean something (or did in the past!) instead of being arbitrary.

Rant over

I make my living designing solutions around and implementing other people’s products, which means I often have to live with the quirks without having the same direct line to the development teams that I would with an in-house solution. Ease of use and the increasing “commoditisation” of identity management products and solutions is both a blessing and a curse - obviously the easier these solutions are to deploy the less demand there is for my services, but conversely it enables my time to be better spent doing the fun stuff rather than tedious configuration.

This was driven home to me this week when I was setting up a demonstration, showing SAML 2.0 between a CA SiteMinder IdP and Ping Federate SP. Neither product is really that difficult to configure and all was well until I got to the stage of generating keys and certificates for signing the assertion (as required when using the SAML post profile). It’s a minor step in the whole process and should have taken moments - I’ve not set up a SiteMinder IdP recently so checked the documentation.

The private key needs to be RSA, DER encoded in PKCS8 format (snore) so I fired up OpenSSL to generate the key and the CSR (certificate signing request - to be sent to the CA) - should be simple enough in theory but getting the order of commands right (to convert encoding and format) might be a challenge! I eventually got there - but then discovered that the CSR wouldn’t work for the DER encoded key. Eventually (thanks to a colleague) I managed to work around it - put the key in both PEM and DER, use one for the CSR and import the other into SiteMinder’s key database (along with the signed cert)….

The same process using Ping Federate as an IdP is much, much easier. Literally a case of point and click within the UI - generate a key and CSR, get a signed cert, then import it. It should be pretty obvious which product is most likely to be recommended in future

I’ve hit occasional problems with Ping software itself - including an annoyance with the license keys during the course of setting up this demo - so they don’t get off scott free, but frankly, I also know which organisation I hold more hope of getting a fix from for a bug report in a timely manner!

UPDATE @ 15/05/07 21:02 : I received a nice email from Andre Durand (CEO of Ping Identity) yesterday evening as a follow up to this - hopefully we’ll have plenty of reasons to work together in future and it show’s one of the wonders of the modern Internet and how companies can use this to their advantage. I wonder if anyone in the marketing departments of companies like CA monitor blogs for mentions…