Feeds

Unmasking Novell's identity plans

Bandit country

New hybrid storage solutions

Identity systems such as Higgins and InfoCard give us new ways of storing and exchanging information about users; good news for users and developers.

The other half of the picture is managing and auditing those identities and the roles they correspond to, so you can use identities for role-based access control; the features both developers and administrators need to have.

That's one of the pieces Novell's new open source identity management project Bandit aims to address. It's less about providing identities and more about providing common identity services such as authentication, roles, policy and compliance reporting.

The name (apparently a common dog name in the US rather than a reference to masked men), plays on the old joke that on the internet, nobody knows you're a dog; along with the idea of dogtags. More prosaically, according to Novell distinguished engineer Dale Olds, "Bandit focuses on open source implementations of components needed to provide a consistent experience of identity to users and administrators. In practice, this means that we are not advocating a new protocol or standard, but provide implementations and 'glue' for existing standards and systems.";

You can use these components in your applications and network services, working with existing protocols and APIs. Olds believes that Bandit will simplify federating identities from multiple sources (say, LDAP directories and SQL databases) for authenticating users and calculating roles.

"The developer simply uses Bandit components and does not need to know how to code to specific systems or what authentication method or identity repository is used - these things can be configured at installation time rather than during development."

If that sounds like the Higgins Project, it's no coincidence. Bandit builds on Higgins, which you can think of as a unifying API for different identity systems. Many Bandit components are built on top of the Higgins Identity attribute service, adding higher-level services like role calculations and audit record reporting. Bandit also implements new Higgins Context Providers, extending the number of identity systems Higgins covers to include Novell's eDirectory.

There are components from SUSE Linux; the authentication services component (CASA) and the identity database (FLAIM). FLAIM is the database used by eDirectory and GroupWise; Olds calls it a scalable repository for the semi-structured data common to identity systems. There's also a credential store that synchronises passwords and other credentials among various Linux system services.

Put it all together and you could log on to a Linux workstation securely, using a smartcard and LDAP and have your name and credentials captured by CASA.

When you visit a website that uses Bandit, a browser extension will detect this, ask you which identity you want to provide to the site and what information you're willing to make available (which doesn't have to be everything the site is asking for) and then use CASA and the Higgins identity framework to log in the identity stores that have your credentials in – including the original LDAP server.

You see that the information has been transferred and you get on with your browsing or shopping without having typed in yet another password. Head to another Bandit-powered site and you might be asked for information again; you get to choose which identity to give each site and which details to disclose.

While Bandit is a long way from being finished, Olds encourages developers to start working with it – and to give feedback on what they want to see. Given Novell's investment in eDirectory, it's not surprising that Bandit doesn't mean replacing any existing directory services or metadirectory services you may already have in place.

Instead, Olds claims: "They make it easier for developers to write applications and services that use and integrate those identity systems. Developers can use Bandit and Higgins to access such systems without knowing specific mechanisms and protocols. Therefore, they can focus more on identity services and such emerging diverse areas as reputation and compliance verification."

Bandit is building part of what Olds calls the "identity fabric", similar to the "identity metasystem" Microsoft's Kim Cameron refers to; an abstraction layer for identity that lets you work with the same identity concepts and services across multiple systems.

This isn’t co-incidence – or rivalry. Bandit provides some of the pieces for an identity infrastructure; others come from Higgins, Microsoft, the Liberty Alliance, the WS-* standards and other players in the identity world, and they're all beginning to interoperate.

According to Paul Trevithick of the Higgins project: "What you're starting to see is the emergence of several key open source projects in the identity space, and increasing levels of cooperation between them. Higgins working with Bandit is just one example of this."

Similarly, the open source OSIS identity selector project is more than a way to work on open source implementations of InfoCard. It's the major identity players – including Microsoft, Novell, IBM and Verisign – getting together with the open source community to pull together the new identity systems to give the internet the workable identity platform it needs. ®

Security for virtualized datacentres

More from The Register

next story
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.