Ten Impacts of the Janssen Project on Gluu

Open Source Digital Identity

By now, you’ve probably read the announcement about the creation of the Janssen Project at the Linux Foundation. This was the culmination of many months of collaborative planning–we started in early March 2020, before the pandemic. You may be wondering, why did we do it? What does it mean for Gluu? Following is a discussion of some of the thoughts behind the decision.

Doubling Down on Open Source

I’m a big fan of open source software development. But does it make sense to launch a business around an open source project? And if so, what is the best way to do it? To answer these questions, in 2018 I launched a podcast called Open Source Underdogs. After publishing 55 episodes, I’m more convinced than ever that it makes sense for identity and access management software–an infrastructure based on open Internet standards–to leverage the open source development methodology. However, I also concluded that it was beneficial to make the boundary at Gluu more clear between what is open source, and what is commercial. Moving the project to the Linux Foundation helps to achieve this goal. Companies or organizations can trust that the Janssen project will always be open source. And we’ll do our best to make sure that the community is vibrant enough to drive Janssen to maintain a leadership position among identity and access management platforms.

Better Code

The paramount goal at Gluu is to write the best open source identity platform in the world. Increasing the transparency of the development process, aligning with the Core Infrastructure Initiative, and adopting other best practices in the development of our software–out in the open–will help us improve the quality of the software. Yes, we could do this on our own. But collaborative project governance will help to keep us focused on the things that are important.

Innovation

Digital identity and security are evolving as rapidly as the devices we use, and the weaknesses hackers seek to exploit. Gluu Server 4.2 is already the most certified OpenID Connect provider currently available. The Janssen Authorization Server, a fork of Gluu Server 4.2, is starting from an advanced position. But this battle is not won. Victory will require a long sustained effort of many years. Innovation is the essential complement to quality. The open source development methodology results in faster innovation for core infrastructure. But simply changing the license on your software is not enough! To put a project into a higher gear, you need to engage the community. We’re hoping that the move to Janssen will more effectively accomplish this.

Community Governance

For the last ten years, the project has been governed through the equivalent of enlightened despotism. This made sense because the goals of the project and the business goals of Gluu were roughly aligned. However, for the long-term benefit of the project, we need to democratize. Other people and organizations who invest in the project should have a say in the direction of the project. The Technical Steering Committee is defined by the Project Charter to provide this governance.

Developer Engagement

The launch of the Janssen project is an opportunity for us to become more responsive to the needs of the developer community. How we build the software needs to become a more open and collaborative process. It’s going to take some work to get there, but we’re committed to making it happen. We plan to make more developer-friendly choices. If you have any ideas for how to do this, please share!

Ecosystem

When it comes to the development of core infrastructure software, no company is an island. A group of organizations with an aligned economic interest provide a solid foundation to sustain an open source project in the long term. Gluu will continue its mission to productize open source software, making it more consumable by enterprises. The Janssen project software is the critical component of that offering. But other companies can develop a commercial value proposition that aligns with their business goals. The more companies that have a stake in the success of Janssen, the better.

Cloud Native

Companies always have to look out for disruptive technologies. Cloud native is the most disruptive infrastructure technology since virtualization. By nature and doctrines, the cloud native community prefers open source components. So if we want to position Janssen as the ideal authentication and authorization component of a cloud native stack, it has to be open source. And to the extent that moving the project to the Linux Foundation strengthens Janssen’s position as an open source platform, it helps us build trust with the cloud native community. At the same time, we have to recognize that there are still organizations that are not ready to make this leap. So while we are “all in” on cloud native, we also want to provide a bridge to get to the other side of the river. Janssen will implement cloud native design principles–many of which make sense intrinsically, no matter what kind of infrastructure you’re running. But at the same time, we are not dogmatic about how organizations can use the software.

Gluu 5

With the introduction of Janssen, the line between open source and Gluu becomes more clear. Gluu Server 5 will be introduced in the first quarter of 2021. This gives us an opportunity to do something we’ve been trying to do for many years: move to an open core business model, where a vendor adds value on top of an open source software distribution. Gluu Server 5 will be the first Gluu distribution to feature the Janssen Auth-Server as the core security engine. It will also feature a new and improved admin web interface. The Gluu management team believes that licensing this new distribution will greatly improve monetization, which will result in more budget for open source research and development. We will continue to patch Gluu Server 4.2.x until its end-of-life in December 2022.

Gluu Cloud

Janssen’s focus on cloud native design principles will come in handy, as Gluu is planning to launch a single-tenant hosted service called “Gluu Cloud.” People have been asking us to launch a hosted service for years. It’s not that we weren’t listening. Sometimes it just takes a while to act on all these good ideas. One of the benefits of launching Gluu Cloud is that the experience we gain will have a positive feedback loop for cloud native features in Janssen. Hopefully other vendors around the world will also launch a similar service in their markets–and join the Janssen Project! Using the cloud native stack and the new Janssen config-api, hosted providers can now automate the entire auth-server provisioning process and build their own business-specific, branded interfaces. Look for Gluu Cloud in Q2 2021.

Janssen VIP Support

Some current or future Gluu customers may not want to move to the commercially licensed Gluu Server 5. They may want to stick with the freedom afforded by the permissive license of an open source distribution. The good news is that Gluu has got your back. We will continue to offer a VIP support package (for the Janssen distribution) so you can open private issues in our support forums, get an SLA on the response to support issues (e.g. one hour for severity one), communicate on our Rocket chat channels, and schedule ad hoc Zoom calls.

Conclusion

Here at Gluu we are grateful to the Linux Foundation for helping us to launch Janssen. It’s been a lot of work! I truly believe that by making the software more open, we’ll both have a more positive impact in the world, and that we’ll achieve Gluu’s growth objectives. If you want to join the project, start by checking out the project homepage at https://jans.io.