Application Security and Single Sign On

In 2017 I will be developing a new, open source, application security and single sign on solution. It will compete directly with OneLogin and Okta. Since 2000 I have built four solutions just like this.

In 2000 I took my first stab at this for EVLogix. My solution consisted of a few classes and a few web pages that secured our main web app, using classic ASP. I'm sure it was completely insecure. I hope it's not still being used.

In 2008 I had a grand idea to create an "application framework" which provided a dashboard for users to launch their web applications and gave developers a way of managing apps and accounts. I was building user-management-type-stuff into every app I wrote and this would allow me to skip that and just get to the point of what each app was meant to do. I created a LLC and developed the source under it. Eventually I abandoned the project when I realized what I had built could be done better. It was .NET based but was using ASP.NET web forms and the API requests were parsed and constructed in a non-standard way.

In 2010 I built a new solution for the company I was working for at the time, Digital Risk. The web portion was built using ASP.NET MVC and the API moved to a WCF service. This was much improved, however, some design choices were poor and I started securing other WCF services with it. This resulted in security overload and made it frustrating for other developers to use.

In 2014 I built another solution for Derive Systems (who I currently work for). The web portion and API are again written in ASP.NET MVC and WCF, but I didn't make any mistakes I had made previously. It's secure and easy for developers to use with web, mobile, and desktop apps.

So why am I developing yet another solution?

My primary reason is to use this as a way of learning .NET Core. .NET Core is cross-platform so it can be hosted on Windows and Linux. I also want the solution to be open-source to promote broader use and gain input from different people. I am a big fan of GitHub so I am hosting the source on there.

I haven't decided on one thing yet - whether the solution will be simultaneously used for profit or not. Exceptionless currently works on this model and they do a good job of it. I recently listened to a podcast on Andreessen Horowitz in which they said this model is gaining popularity. Using the solution for profit will affect the type of open-source community members that choose to contribute so I am taking that into consideration as well.

I am looking for community members who want to get involved early. If so, shoot me an email, hit me up on twitter, or create some issues on GitHub!