Linux Foundation debuts new, secure, open source cloud native access management software platform

Based on the Gluu server, the Janssen Project prioritizes security and performance and features signing and encryption functionalities.

opensourceistock-485587762boygovideo.jpg

Getty Images/iStockphoto

Every time we use an online pay service, manage our finances online, or enter our credit-card information, we're demonstrating our good faith. Now, one organization wants to help us feel even more secure.

SEE: Meet the hackers who earn millions for saving the web, one bug at a time (cover story PDF) (TechRepublic)

Today (Dec. 8), the Linux Foundation announced a cloud-native identity and access management software platform that prioritizes security and performance, the Janssen Project, which is based on the Gluu server and features signing and encryption functionalities. 

The integrity of our connections online is conveyed via identity software, from our devices to a complex web of backend services. Despite assurances and encouragement on this use, which we grow increasingly dependent on, digital identity remains a challenge and is at the very crux of delivering truly trustworthy online security.

SEE: Guide to becoming a digital transformation champion (TechRepublic Premium)   

The Linux Foundation, a nonprofit organization enabling innovation through open source, also announced the Janssen Project Technical Steering Committee (TSC), which is comprised of engineers from IDEMIA, F5, BioID, Couchbase, and Gluu.

It may not seem like a fresh concept—others have developed identity and access management platforms now in use—but the Janssen Project aspires to tackle, the Linux Foundation assured, "the most challenging security and performance requirements." 

Janssen uses a set of signing and encryption functionality, applicable for high-assurance transactions. It's based on new code that fuels the Gluu Server, which passed, said the Linux Foundation, the most OpenID self-certification tests among platforms. 

By using advanced, persistent Kubernetes auto-scaling, Janssen can handle demanding requirements for concurrency, and this assessment is based on demonstration of more than 1 billion authentications per day

"Excellence in identity and access management will enable organizations to more rapidly introduce new services," said Mike Schwartz, chair of the steering committee. "Facility with the technology also improves the user experience. So, the stakes are high. While hosted identity and access management offerings from the likes of Microsoft, Google and Okta are fantastic, there are still use cases where enterprises need more security, privacy, or control."

Striving to provide trust is not a competitive race between developers. "No one wins in an insecure society with low trust," Schwartz said, and stressed that "trust and security are not competitive advantages." Trust is built, he added, through the open-source development methodology. Not all businesses can outsource trust, but Schwartz said the Janssen Project's goal is to bring transparency, best practices, and collective governance to the long-term maintenance" of the effort.

In addition to Schwartz, the TSC includes Rajesh Bavanantham, domain architect at F5 Networks/NGiNX; Rod Boothby, head of digital trust at Santander; Will Cayo, director of software engineering at IDEMIA Digital Labs, and Ian McCloy, principal product manager at Couchbase.

Also see 

By N.F. Mendoza

N.F. Mendoza is a writer at TechRepublic and based in Los Angeles. She has a BA in Broadcast Journalism and Cinema Critical Studies and a Master's of Professional Writing, both from USC. Nadine has more than 20 years experience as a journalist coveri...