Novell and Microsoft Embrace IDs

Stakes are rising in the management arena.

The decades-old rivalry between Microsoft Corp. and Novell Inc. is heating up again. This time, the companies are jockeying for position in a market that rapidly is becoming one of the key battlegrounds for winning and keeping customers: identity management.

Novell, one of the established players in identity management, this week plans to unveil two additions to its already-large product portfolio in the space, Nsure Audit and a SAML (Security Assertion Markup Language) extension for iChain. The auditing piece addresses what customers say has been a glaring weakness in Novell's offerings—that is, the ability to securely log and audit all user log-in activity on a system.

Ego and ID

A look at Microsoft's and Novell's ID management


  • Interoperability with other corporate directories
  • Identity integration among multiple Active Directory forests
  • ADAM mode for more flexible deployments


  • Secure audit and logging
  • Federated identity management
  • Ability to share user identity data securely across the Web

The extension for iChain, the Provo, Utah, company's single-sign-on product for the Web, allows customers to share user identity and attribute data securely over the Web.

Nsure Audit lets administrators obtain a record of any log-in transaction on their system and determine whether a user is violating security policy. The data is collected in a central log and can be used to send alerts to administrators to notify them of important events. Each log-in event is digitally signed, and any number of events can be strung together, all of which can help in forensic and nonrepudiation situations.

"Weve written our own in-house application to audit user log-in activity, but it isnt as robust or user-friendly as wed like it to be," said Bill Kannberg, chief technology officer of Hillsborough County, Fla. "Weve held up opening our portal product for public [business-to-government] connections because we were unable to fully track or monitor user account activity without some kind of full audit tool. This new product addresses a long-standing need and a product missing from Novells suite for far too long."

The other new piece, the SAML extension for iChain, enables customers to pass user attributes among sites securely and map security assertions to individual user identities. The new offering also includes a SAML tool kit that can be used to add SAML capabilities to other applications.

The Novell announcements come less than a week after Microsoft finally made its foray into the identity management arena with the release of MIIS (Microsoft Identity Integration Server) 2003. The offering includes a broad range of new capabilities, many of which rely on Active Directory and extend the functionality of the directory.

But MIIS' main advancement is its ability to interoperate with third-party directories. The new server includes Directory Services Markup Language 2.0, which lets identity information be represented as XML data that can easily be used by other directories.

Another key piece of MIIS is the inclusion of a function known as ADAM (Active Directory Application Mode). This enables users to deploy Active Directory as an LDAP directory and make changes to application-specific user data without having to change the main corporate directory.

The directory is another area where Novell and Microsoft have recently been butting heads. Novell's eDirectory is considered by many administrators to be technologically superior, but Microsoft's hegemony in enterprise networks has helped build some momentum for Active Directory. Now, with the introduction of MIIS, the Redmond, Wash., company could once again be on the verge of pushing Novell out of a large number of IT shops.