SourceID.org – when Open Source just plain isn’t
In looking for a Java-based SSO solution, I came across “SourceID.org”:http://www.sourceid.org – an attempt to build an “open source” (and I use the term loosely) federated identity management framework based on Liberty Alliance specifications.
Sounds like a great idea right? Certainly! It sounds awesome.
I was eager to try it out and tried to download – problem, I was presented with a huge license agreement. Initially I thought it was just an over-cautious company presenting me an OSI license to ‘accept’ but that’s not the case at all.
Despite having “Open Source” blazened across the site and throughout the copy, this is in fact proprietary software.
Here’s some of the hogwash on the licensing page:
bq. All SourceID software is offered under a hybrid open source-commercial license called the “Public Source License”. SourceID’s PSL(s) are designed to accelerate open adoption and innovation while maintaining a single commercially sponsored but community enhanced code-track which leverages contributions from both individuals and corporations. The PSL combines the best attributes of commercially supported software and open source community contribution while providing full access to source code.
So basically the source is available to all, but if you want to use it in a commercial project you pay. To me, that’s proprietary software under a developer source license. Now there’s nothing wrong with it (it’s a very good model I think), but to talk about how your software is Open Source (even putting out press releases to that end!) when it’s not is just shady in my book.
Anyone know of any other alternatives in the Java SSO space?
