Mom, look what OpenSSO did to my Login Use Case

My normal Login Use Case -- and what OpenSSO did to it.

When I first start working on a new project, it's often hard to get customers to talk about a new web application. They tend to vaguely know what they want, but when I ask them specific questions, things can come to a grinding halt. It's like they realize they need a software application, and they've thought it through partially, but they just don't know how to get started.

When I see this happening during a first meeting with a customer, in an effort to get the ball rolling I'll say something like, "Okay, there is a login page, right?", and then sketch out a little page with a username and password, and then ask what they think the user should see right after they log into the system.

OpenSSO changed my simple Login Use Case

Over the last several weeks I've realized that this approach is going to need a little refinement. I've been working with an open source project named OpenSSO that delivers single sign-on (SSO) and cross-domain single sign-on (CDSSO) to web applications (and web services), and really revolutionizes the whole world of SSO, CDSSO, authentication, and authorization. (It also has support for SAML v2, which is very cool.)

I'll get into all that over time, but today, on a much smaller scale, it also changes how I'll get customers to talk about their applications. Now instead of asking, "There's a login page, right?", I'll have to find a different way of posing this question, because when you start working with a product like OpenSSO, yes, there is a login page, but there's really just one shared login page for all of your applications.

I'll probably write a lot more about OpenSSO as time goes on (as it's pretty much all I've worked on recently), but as I was just making a cup of coffee, it occurred to me how much this project has changed my thinking about this "simple login process". There may be a day again when I don't have to think about users logging into multiple applications across domains, reverse proxies, agents, SAML, Federations, Fedlets, LDAP, Java, PHP, Ruby, Python, etc., but right now this is an important problem, and OpenSSO is looking like a pretty good solution.