
Unmasking Novell's identity plans

Bandit country


Identity systems such as Higgins and InfoCard give us new ways of storing and exchanging information about users; good news for users and developers.

The other half of the picture is managing and auditing those identities and the roles they correspond to, so you can use identities for role-based access control. These are the features both developers and administrators need to have.

That's one of the pieces Novell's new open source identity management project Bandit aims to address. It's less about providing identities and more about providing common identity services such as authentication, roles, policy and compliance reporting.

The name (apparently a common dog name in the US rather than a reference to masked men) plays on the old joke that on the internet, nobody knows you're a dog, along with the idea of dogtags. More prosaically, according to Novell distinguished engineer Dale Olds, "Bandit focuses on open source implementations of components needed to provide a consistent experience of identity to users and administrators. In practice, this means that we are not advocating a new protocol or standard, but provide implementations and 'glue' for existing standards and systems."

You can use these components in your applications and network services, working with existing protocols and APIs. Olds believes that Bandit will simplify federating identities from multiple sources (say, LDAP directories and SQL databases) for authenticating users and calculating roles.

"The developer simply uses Bandit components and does not need to know how to code to specific systems or what authentication method or identity repository is used - these things can be configured at installation time rather than during development."

If that sounds like the Higgins Project, it's no coincidence. Bandit builds on Higgins, which you can think of as a unifying API for different identity systems. Many Bandit components are built on top of the Higgins Identity attribute service, adding higher-level services like role calculations and audit record reporting. Bandit also implements new Higgins Context Providers, extending the number of identity systems Higgins covers to include Novell's eDirectory.

There are components from SUSE Linux: the authentication services component (CASA) and the identity database (FLAIM). FLAIM is the database used by eDirectory and GroupWise; Olds calls it a scalable repository for the semi-structured data common to identity systems. There's also a credential store that synchronises passwords and other credentials among various Linux system services.

Put it all together and you could log on to a Linux workstation securely, using a smartcard and LDAP, and have your name and credentials captured by CASA.

When you visit a website that uses Bandit, a browser extension will detect this, ask you which identity you want to provide to the site and what information you're willing to make available (which doesn't have to be everything the site is asking for) and then use CASA and the Higgins identity framework to log in to the identity stores that hold your credentials, including the original LDAP server.

You see that the information has been transferred and you get on with your browsing or shopping without having typed in yet another password. Head to another Bandit-powered site and you might be asked for information again; you get to choose which identity to give each site and which details to disclose.

While Bandit is a long way from being finished, Olds encourages developers to start working with it – and to give feedback on what they want to see. Given Novell's investment in eDirectory, it's not surprising that Bandit doesn't mean replacing any existing directory services or metadirectory services you may already have in place.

Instead, Olds claims: "They make it easier for developers to write applications and services that use and integrate those identity systems. Developers can use Bandit and Higgins to access such systems without knowing specific mechanisms and protocols. Therefore, they can focus more on identity services and such emerging diverse areas as reputation and compliance verification."

Bandit is building part of what Olds calls the "identity fabric", similar to the "identity metasystem" Microsoft's Kim Cameron refers to; an abstraction layer for identity that lets you work with the same identity concepts and services across multiple systems.

This isn't coincidence – or rivalry. Bandit provides some of the pieces for an identity infrastructure; others come from Higgins, Microsoft, the Liberty Alliance, the WS-* standards and other players in the identity world, and they're all beginning to interoperate.

According to Paul Trevithick of the Higgins project: "What you're starting to see is the emergence of several key open source projects in the identity space, and increasing levels of cooperation between them. Higgins working with Bandit is just one example of this."

Similarly, the open source OSIS identity selector project is more than a way to work on open source implementations of InfoCard. It's the major identity players – including Microsoft, Novell, IBM and Verisign – getting together with the open source community to pull together the new identity systems to give the internet the workable identity platform it needs. ®
