Wednesday, January 31, 2007
Enterprise Portals and Security
I downloaded the latest release of Liferay Enterprise Portal over the weekend to familiarize myself with all the latest features. Out of the box, it integrates with ServiceMix, the number one open source Enterprise Service Bus within Fortune enterprises, as well as with both Alfresco (Enterprise Content Management) and JBoss JBPM. A portal that integrates with an ESB, ECM and BPM out of the box is exactly what enterprises seek, yet the large analyst firms seem to be ignoring them. Luckily, enterprises realize that the reason Liferay doesn't get coverage is that it has a higher goal than merely making money, and therefore the pursuit of the magic quadrant or wave doesn't really matter. I suspect that if the analysts changed their models to be more friendly towards open source, Liferay would be in the leaders category, but this is a topic for another blog.
In terms of security, Liferay also uses secure software development practices and is a participant in Fortify Software's secure coding program. I haven't heard of the portal development teams from BEA, IBM or Oracle using the same tools or evangelizing secure coding practices, so this probably is a predictor.
Liferay also seems to be the only portal, commercial or open source, that provides seamless out-of-the-box integration with Single Sign-On products, including Yale CAS, Netegrity SiteMinder and others. As we know, SSO products help with the security challenge because they reduce the number of passwords folks have to write down on stickies.
Liferay also supports externalization of authorization via the XACML protocol. BEA Enterprise Portal is the only other portal in the marketplace that does so today. This is especially important in situations where portals are used to aggregate different products (BPM, ECM, ERP, CRM, etc.) that may all have their own disparate authorization models.
Finally, if you decide to create your own identity store for the portal, it supports the SPML protocol, which integrates nicely with all those wonderful identity management tools in the marketplace. I wonder if there are other portals that plan on supporting both CardSpace and OpenID?