Feeds

Unmasking Novell's identity plans

Bandit country

The Power of One Brief: Top reasons to choose HP BladeSystem

Identity systems such as Higgins and InfoCard give us new ways of storing and exchanging information about users; good news for users and developers.

The other half of the picture is managing and auditing those identities and the roles they correspond to, so you can use identities for role-based access control; the features both developers and administrators need to have.

That's one of the pieces Novell's new open source identity management project Bandit aims to address. It's less about providing identities and more about providing common identity services such as authentication, roles, policy and compliance reporting.

The name (apparently a common dog name in the US rather than a reference to masked men), plays on the old joke that on the internet, nobody knows you're a dog; along with the idea of dogtags. More prosaically, according to Novell distinguished engineer Dale Olds, "Bandit focuses on open source implementations of components needed to provide a consistent experience of identity to users and administrators. In practice, this means that we are not advocating a new protocol or standard, but provide implementations and 'glue' for existing standards and systems.";

You can use these components in your applications and network services, working with existing protocols and APIs. Olds believes that Bandit will simplify federating identities from multiple sources (say, LDAP directories and SQL databases) for authenticating users and calculating roles.

"The developer simply uses Bandit components and does not need to know how to code to specific systems or what authentication method or identity repository is used - these things can be configured at installation time rather than during development."

If that sounds like the Higgins Project, it's no coincidence. Bandit builds on Higgins, which you can think of as a unifying API for different identity systems. Many Bandit components are built on top of the Higgins Identity attribute service, adding higher-level services like role calculations and audit record reporting. Bandit also implements new Higgins Context Providers, extending the number of identity systems Higgins covers to include Novell's eDirectory.

There are components from SUSE Linux; the authentication services component (CASA) and the identity database (FLAIM). FLAIM is the database used by eDirectory and GroupWise; Olds calls it a scalable repository for the semi-structured data common to identity systems. There's also a credential store that synchronises passwords and other credentials among various Linux system services.

Put it all together and you could log on to a Linux workstation securely, using a smartcard and LDAP and have your name and credentials captured by CASA.

When you visit a website that uses Bandit, a browser extension will detect this, ask you which identity you want to provide to the site and what information you're willing to make available (which doesn't have to be everything the site is asking for) and then use CASA and the Higgins identity framework to log in the identity stores that have your credentials in – including the original LDAP server.

You see that the information has been transferred and you get on with your browsing or shopping without having typed in yet another password. Head to another Bandit-powered site and you might be asked for information again; you get to choose which identity to give each site and which details to disclose.

While Bandit is a long way from being finished, Olds encourages developers to start working with it – and to give feedback on what they want to see. Given Novell's investment in eDirectory, it's not surprising that Bandit doesn't mean replacing any existing directory services or metadirectory services you may already have in place.

Instead, Olds claims: "They make it easier for developers to write applications and services that use and integrate those identity systems. Developers can use Bandit and Higgins to access such systems without knowing specific mechanisms and protocols. Therefore, they can focus more on identity services and such emerging diverse areas as reputation and compliance verification."

Bandit is building part of what Olds calls the "identity fabric", similar to the "identity metasystem" Microsoft's Kim Cameron refers to; an abstraction layer for identity that lets you work with the same identity concepts and services across multiple systems.

This isn’t co-incidence – or rivalry. Bandit provides some of the pieces for an identity infrastructure; others come from Higgins, Microsoft, the Liberty Alliance, the WS-* standards and other players in the identity world, and they're all beginning to interoperate.

According to Paul Trevithick of the Higgins project: "What you're starting to see is the emergence of several key open source projects in the identity space, and increasing levels of cooperation between them. Higgins working with Bandit is just one example of this."

Similarly, the open source OSIS identity selector project is more than a way to work on open source implementations of InfoCard. It's the major identity players – including Microsoft, Novell, IBM and Verisign – getting together with the open source community to pull together the new identity systems to give the internet the workable identity platform it needs. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.