Novell and identity management: from a long-tailed mouse to a masked dog
Earlier this week, Martin LaMonica at CNET reported that Novell will be taking the covers off its latest foray into open source identity management: the Bandit project (a somewhat surprising choice of name given the focus on security, privacy and so forth but that's by the by - there is some justification for the name provided here).
Novell is sponsoring the project and contributing the engineering effort. Whilst it is actively seeking external input, Novell, in consultation with the Bandit community, sets the project engineering goals and retains ultimate responsibility for the project.
The objectives of the project are to: enable application access to identity stores; support multiple and pluggable authentication methods and user-managed authentication credentials; provide a simple API for role-based access control; and simplify auditing and reporting for compliance based on open standards and specifications.
To do so, Bandit has identified a number of components (described in more detail here):
- Common Authentication Services Adapter (CASA) - for the storage of credentials and other authentication data by users and applications
- Common Identity - a framework for abstracting different identity data stores based on the Java Naming and Directory Interface (JNDI), which provides identity data mapping and transformation, caching, a policy engine and a variety of connectors for different identity data stores, including LDAP, SQL, XML
- Compliance Records Architecture - provides an API for auditing based on name/value pairs and a taxonomy for the hierarchical classification of audit records
- Role Engine Architecture - for role-based access control and management of roles, relationships, membership and dynamic separation of duties.
The objectives of the project are certainly ambitious, addressing as they do some of the more challenging, higher-level aspects of identity management such as role-based access control and compliance. Novell certainly has significant identity management expertise to contribute and it will be interesting to see how much of the intellectual property in its identity management solutions will migrate to the Bandit deliverables.
When I first heard about Bandit and began to navigate the project's site, my first thought was "there seems to be some overlap here with the Higgins project (which Novell joined at the end of February), particularly this Common Identity thingy". A little more digging revealed that to be the case. Although there is no integration between the two yet - well it has only been a couple of months - the Bandit team envisages the creation of a Higgins context provider based on the Common Identity component. A context provider is the means by which the Higgins Framework plugs into different identity repositories, protocols etc to provide application developers, via the Eclipse framework, with a common API to build on different identity management solutions.
As Eric over at Digital ID World points out, this is not the first open source identity management initiative and I completely agree with him that the involvement of Novell means that it is still a significant event. I think the fact that the project is focussing on higher-level (value?) identity management issues gives it added significance. It will be particularly interesting to see which other domain names pop up in members' email addresses.