Novell Unmasks Bandit ID Effort

Novell takes the wraps off of its open-source framework for integrating disparate identity management systems with hopes that other companies will buy in.

Novell publicly launched its open-source identity management project on June 12, aiming to help businesses pull together their various network and application authentication systems.

Dubbed Bandit, the effort is meant to help companies integrate existing ID management tools using an open-source platform developed by Novell and its partners.

Users will be able to more easily pull together ID technologies across different operating systems and applications using the technology, Novell executives said.

The identity services in development by the Bandit community members will work with existing industry standards such as Web Services Addressing and Liberty Federation, and open-source projects including Higgins.

Novell reported that it has already contributed significant engineering resources and software code to help get the project underway.

By providing organizations with a more consistent approach to addressing enterprise identity management, Novell maintains it can help companies achieve goals such as improving security, offering roles-based access to workers and meeting regulatory compliance requirements.

"We'd like to establish a set of interoperable software components that can easily be understood by applications servers and end-user applications alike, so that people don't need to worry as much about authentication infrastructure," said Dale Olds, distinguished engineer at Novell.

"The value will be in allowing different services to work together around authentication in a more consistent way, versus forcing customers to address authentication individually for each application."

The Bandit project is initially focused on creating a CASA (common authentication services adapter) for providing interoperable single sign-on across disparate systems, along with a secure repository for user and systems credentials.

The group will also launch a common identity service, an implementation of the Higgins project open-source framework for establishing digital identity.

In addition, Novell said Bandit would launch a role engine service that can be integrated into any application for calculating user role information, and allowing authorization across multiple systems.

The group also intends to introduce an audit record framework service that will offer an API (application programming interface) for integration with compliance and security auditing programs.

Novell said it already incorporates some of Bandit's open identity services within its SUSE Linux distribution and that it plans to include technology created via the project in future releases.


Olds said that Novell's interest in the project is simple: the company believes it can sell more of its high-end network management software if users face fewer authentication hurdles.

He emphasized that the company is hoping that the open-source nature of the effort will allow various technology providers to have input into the project, rather than lean toward one vendor's standards.

While Novell has not announced any other official participants in Bandit, Olds said the software maker has already spoken to a number of companies interested in contributing to the effort.

In addition to major systems vendors and authentication software providers, the company believes that developers of smart cards, biometrics and other two-factor security products could eventually join the project.

While there are a number of identity management standards efforts ongoing, Olds said that Bandit wants to distinguish itself by providing software protocols and other real tools, versus establishing yet another development guideline.

"There are too many standards, and not enough tools to make those standards work," said Olds. "We're already at the point where people can start looking at writing the code that permits these protocols we have to work."
