Feeds

Unmasking Novell's identity plans

Bandit country

The Power of One Brief: Top reasons to choose HP BladeSystem

Identity systems such as Higgins and InfoCard give us new ways of storing and exchanging information about users; good news for users and developers.

The other half of the picture is managing and auditing those identities and the roles they correspond to, so you can use identities for role-based access control; the features both developers and administrators need to have.

That's one of the pieces Novell's new open source identity management project Bandit aims to address. It's less about providing identities and more about providing common identity services such as authentication, roles, policy and compliance reporting.

The name (apparently a common dog name in the US rather than a reference to masked men), plays on the old joke that on the internet, nobody knows you're a dog; along with the idea of dogtags. More prosaically, according to Novell distinguished engineer Dale Olds, "Bandit focuses on open source implementations of components needed to provide a consistent experience of identity to users and administrators. In practice, this means that we are not advocating a new protocol or standard, but provide implementations and 'glue' for existing standards and systems.";

You can use these components in your applications and network services, working with existing protocols and APIs. Olds believes that Bandit will simplify federating identities from multiple sources (say, LDAP directories and SQL databases) for authenticating users and calculating roles.

"The developer simply uses Bandit components and does not need to know how to code to specific systems or what authentication method or identity repository is used - these things can be configured at installation time rather than during development."

If that sounds like the Higgins Project, it's no coincidence. Bandit builds on Higgins, which you can think of as a unifying API for different identity systems. Many Bandit components are built on top of the Higgins Identity attribute service, adding higher-level services like role calculations and audit record reporting. Bandit also implements new Higgins Context Providers, extending the number of identity systems Higgins covers to include Novell's eDirectory.

There are components from SUSE Linux; the authentication services component (CASA) and the identity database (FLAIM). FLAIM is the database used by eDirectory and GroupWise; Olds calls it a scalable repository for the semi-structured data common to identity systems. There's also a credential store that synchronises passwords and other credentials among various Linux system services.

Put it all together and you could log on to a Linux workstation securely, using a smartcard and LDAP and have your name and credentials captured by CASA.

When you visit a website that uses Bandit, a browser extension will detect this, ask you which identity you want to provide to the site and what information you're willing to make available (which doesn't have to be everything the site is asking for) and then use CASA and the Higgins identity framework to log in the identity stores that have your credentials in – including the original LDAP server.

You see that the information has been transferred and you get on with your browsing or shopping without having typed in yet another password. Head to another Bandit-powered site and you might be asked for information again; you get to choose which identity to give each site and which details to disclose.

While Bandit is a long way from being finished, Olds encourages developers to start working with it – and to give feedback on what they want to see. Given Novell's investment in eDirectory, it's not surprising that Bandit doesn't mean replacing any existing directory services or metadirectory services you may already have in place.

Instead, Olds claims: "They make it easier for developers to write applications and services that use and integrate those identity systems. Developers can use Bandit and Higgins to access such systems without knowing specific mechanisms and protocols. Therefore, they can focus more on identity services and such emerging diverse areas as reputation and compliance verification."

Bandit is building part of what Olds calls the "identity fabric", similar to the "identity metasystem" Microsoft's Kim Cameron refers to; an abstraction layer for identity that lets you work with the same identity concepts and services across multiple systems.

This isn’t co-incidence – or rivalry. Bandit provides some of the pieces for an identity infrastructure; others come from Higgins, Microsoft, the Liberty Alliance, the WS-* standards and other players in the identity world, and they're all beginning to interoperate.

According to Paul Trevithick of the Higgins project: "What you're starting to see is the emergence of several key open source projects in the identity space, and increasing levels of cooperation between them. Higgins working with Bandit is just one example of this."

Similarly, the open source OSIS identity selector project is more than a way to work on open source implementations of InfoCard. It's the major identity players – including Microsoft, Novell, IBM and Verisign – getting together with the open source community to pull together the new identity systems to give the internet the workable identity platform it needs. ®

Seven Steps to Software Security

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
KDE releases ice-cream coloured Plasma 5 just in time for summer
Melty but refreshing - popular rival to Mint's Cinnamon's still a work in progress
Leaked Windows Phone 8.1 Update specs tease details of Nokia's next mobes
New screen sizes, dual SIMs, voice over LTE, and more
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Another day, another Firefox: Version 31 is upon us ALREADY
Web devs, Mozilla really wants you to like this one
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.