From Waveset to midPoint, Part 1

Posted on 6th September 201613th September 2016 by Radovan Semancik

Back in 2000s the Sun Identity Manager was the king. It was the best IDM product pursuant to Gartner. It had a good market share. And according to my experience it was actually the only practical IDM system on the market. Sun Identity Manager is now dead. It died in 2010 when Sun Microsystems was acquired by Oracle. Sun IDM was renamed to Oracle Waveset and the development of the product has been immediately stopped. But Sun IDM is a tough one. Even though it was killed 6 years ago it still survives in a creepy half-life form to this day. Oracle obviously tried to migrate all the Sun IDM installations to Oracle Identity Manager. But many customers refused to migrate. We can only speculate about the reasons, although anyone that had any hands-on experience with Oracle IDM will certainly have an opinion about that. Anyway, the future was not entirely bright for those who still maintain Sun IDM installation. But now there is a new hope. […]

MidPoint 3.4 (Heisenberg) Released

Posted on 28th June 201628th June 2016 by Radovan Semancik

MidPoint 3.4 code-named “Heisenberg” was released a few days ago. This is the sixteenth midPoint release since the project started all these long years ago. MidPoint went a very long way since then.

The Heisenberg release is the best midPoint release yet. We have finished access certification functionality, which makes midPoint the very first open source product to enter the identity governance and compliance playing field. We have also improved midPoint internals to better handle inconsistencies of resource data and we have also made many small internal improvements to increase robustness. This was one of the inspirations for the code-name. Similarly to Heisenberg’s uncertainty principle midPoint accepts that there is a degree of uncertainty when it comes to processing of the identity data. It may not be practically possible to always base the decisions on authoritative data. Practical identity management system needs to accept that the identity data are always in a state of flux – and midPoint does just that. And it manages the data reliably even in situations where other systems fail miserably. […]

There is No Security without Identity Management

Posted on 18th May 201624th May 2016 by Radovan Semancik

It isn’t. That’s how it is. Why? Take any study describing potential information security threats. What do you see among the top threats there? Take another study. What do you see there? Yes. That’s the one. It is consistently marked as one of the most serious threats in vast majority of studies published for (at least) last couple of decades. Yet it looks like nobody really knows what to do about this threat. So, who is this supervillain? He’s right under your nose. It is the insider. […]

Test-Driven Bugfixing

Posted on 13th May 201627th March 2019 by Radovan Semancik

Test-Driven Development (TDD) tells us to write the tests first and only then develop the code. It may seem like a good idea. Like a way how to force lazy developers to write tests. How to make sure that the code is good and does what it should do. But there’s the problem. If you are doing something new, something innovative, how the hell are you supposed to know what the code should do? […]

OpenLDAP Management: slapdconf

Posted on 11th May 201631st May 2016 by Radovan Semancik

I like OpenLDAP. OpenLDAP server is famous for its speed and good open source character. But it is really infamous for ease of management. Or rather a lack of anything that could be called “easy” when it comes to managing OpenLDAP. Managing OpenLDAP content is not that difficult. For manual management there is excellent Apache Read more about OpenLDAP Management: slapdconf[…]

Smart Match

Posted on 9th March 201624th May 2016 by Radovan Semancik

In identity management there is a class of petty issues that appear and re-appear all the time. Even though these issues are easy to understand, they are tricky to completely eliminate and they often have very nasty consequences. These seemingly unimportant issues frequently result in nights spent resolving a total breakdown of IDM system. What is this devil that kills sleep and keeps engineers away from the families? It is the daemon of case insensitivity and his friends. […]

Access Certification in midPoint

Posted on 17th February 201624th May 2016 by Radovan Semancik

Identity Management (IDM) systems usually provide quite a broad mix of features. But there is one thing that no other system can do: management of access rights. No other system comes even close, even if they often pretend to do so. Access rights, privileges, role assignments, authorities, authorizations … whatever these things are called they need to be managed. They need to be assigned to the right people in the right systems at the right time. And that is no easy task. […]

LDAPcon 2015 Is Over

Posted on 18th November 20153rd February 2016 by Radovan Semancik

The LDAP conference was held in Edinburgh this year. And it was fascinating.

It was my first time that I have visited Scotland. Despite the infamous weather conditions it was a very pleasant experience. Edinburgh is a really impressive city. And Scotland has much to offer in a form of food and drinks that pretty much compensate the weather.

It was also my first time at LDAPcon. And now I pity that I’ve missed the previous conferences. I have decided that I will not repeat that mistake ever again. The conference size is just right: enough people to make it interesting and not too many to make it a crowded place. There were LDAP hardcore topics, engineering topics, standards talks and even an excursion to digital humanities and a violin performance. Overall it was a very interesting mix.
[…]

Oracle Security

Posted on 13th August 20153rd February 2016 by Radovan Semancik

There are not many occasions when a CxO of a big software company speaks openly about sensitive topics. Few days ago that happened to Oracle. Oracle’s CSO Mary Ann Davidson posted a blog entry about reverse engineering of Oracle products. Although it was perhaps not the original intent of the author, the blog post quite Read more about Oracle Security[…]

Open Source Identity Ecosystem Idea

Posted on 9th June 20153rd February 2016 by Radovan Semancik

A significant part of open source software is developed by small independent companies. Such companies have small and highly motivated teams that are incredibly efficient. The resulting software is often much better than comparable software created by big software vendors. Especially in the Identity and Access Management (IAM) field there are open source products that Read more about Open Source Identity Ecosystem Idea[…]

Name	Provider	Purpose	Expiry	More information
PHPSESSID	Evolveum s.r.o.	Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages.	When you close your browser
moove_gdpr_popup	Evolveum s.r.o.	When this Cookie is enabled, these Cookies are used to save your Cookie Setting Preferences. You can enable or disable your Cookie Settings on our website at anytime via Cookie Settings.	1 year	Read more
wordpress_test_cookie	Evolveum s.r.o.	Tests that the browser accepts cookies.	Session	Read more
wp-settings-[user_id]	Evolveum s.r.o.	Used to preserve user’s wp-admin settings	1 year	Read more
wordpress_[hash]	Evolveum s.r.o.	On login, WordPress uses the wordpress_[hash] cookie to store your authentication details. Its use is limited to the Administration Screen area, /wp-admin/	Session	Read more
wordpress_logged_in_[hash]	Evolveum s.r.o.	Remember User session	Session	Read more
wordpress_sec_[hash]	Evolveum s.r.o.	This cookie is used to store your authentication details. Its use is limited to the admin console area, /wp-admin/	Session	Read more
wp-postpass_[hash]	Evolveum s.r.o.	This cookie is used to grant access to password protected areas of the site.	10 days
wp-settings-time-[user_id]	Evolveum s.r.o.	The number on the end is your individual user ID from the user’s database table. This is used to customize your view of admin interface, and possibly also the main site interface.	1 year	Read more

Name	Provider	Purpose	Expiry	More information
woocommerce_cart_hash	Evolveum s.r.o.	Helps WooCommerce determine when cart contents/data changes.	When you close your browser	Read more
woocommerce_items_in_cart	Evolveum s.r.o.	Helps WooCommerce determine when cart contents/data changes.	When you close your browser	Read more
wp_woocommerce_session_[hash]	Evolveum s.r.o.	Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer.	2 days	Read more
tk_ai	Evolveum s.r.o.	Stores a randomly-generated anonymous ID. This is only used within the dashboard (/wp-admin) area and is used for usage tracking, if enabled.	Session	Read more
comment_author_{HASH} comment_author_email_{HASH} comment_author_url_{HASH}	Evolveum s.r.o.	When visitors comment on your blog, they too get cookies stored on their computer. This is purely a convenience, so that the visitor won’t need to re-type all their information again when they want to leave another comment.	These are set to expire a little under one year from the time they’re set.	Read more

Cookie settings

Strictly necessary

Third party

Technical