Trust and Internet Identity Meeting Europe
Feb 2020: Workshops and Unconference

OSS IDM

(Matthew Hardin)

Continuation of the OSS IDM topics from the previous conference days

  1. OpenLDAP removed from RH/SUSE
  2. OSS coordination
  3. OSS IAM -> how to get this into the mainstream
  4. OSS IDM Biz models

  1. OpenLDAP removed from RH/SUSE

Symas has been the main driver behind OpenLDAP. OSS is only a quarter of the process; training, testing, packaging, consulting, support etc. are the rest. So what happens if Redhat pulls the OpenLDAP server packages?

SYMAS OpenLDAP gold is a premium version: OpenSSL, Kerberos, SASL and other critical components are not taken from the OS, to be quicker and more flexible. LMDB replaced Berkeley. 2.5 had enhancements to scale certain things, like large groups. SYMAS packages fit into the same locations as the ‘original’ Redhat ones. Redhat is at 2.4.45 or so; SYMAS delivers both 2.4.x and 2.5.x.

Martin: For my organization some assurance for continued support from a vendor -> SYMAS will provide this

389 fine print: it is only free with the RH IAM, but not as a stand-alone product.

GUI: Apache Directory Studio can be used, but it is not complete, e.g. it cannot handle ACLs properly; the sequence of configurations is important.

Do-it-yourself builds: lots of warnings, but SYMAS takes care that all warnings have been looked at.

  2. OSS coordination

Will schedule a separate session tomorrow morning.

Possible topics:

  • Financing of open source development (maybe including bounties?)
  • Coordination across small businesses supporting open source projects
  • Cross project coordination (development cycles, product interoperability, etc.)

How to deal with bug bounty programs? There is an EU bug bounty program. While security researchers need to be funded, there are no funds going to the OSS programs to fix the bugs.

  3. OSS IAM -> how to get this into the mainstream
  4. OSS IDM Biz models

Matthew Hardin on OSS Biz Models and cooperation for IAM

“we write software, give it away and sell services around it”

The OS vendors do not support servers well enough: too old, libraries that still contain CVEs, ...

Collaborations

  • Integrators - support their customers, use Symas for deeper support, like 24x7x365
  • Resellers - AP consolidation (mostly)
  • Agents - “Support contracts”
  • Partners - “Reference sell/cross sell”

The largest part of the revenue comes from support contracts, which are usually direct,