Novell this week unveiled an open source identity management project called “Bandit,” aimed at interoperability among disparate identity systems and consistency in securing and managing identities, which can number in the thousands for enterprises.
There have been numerous attempts at a uniform identity management platform, but the new open source effort represents the first to win backing from such a wide collection of companies, which even include Novell’s top Linux competitor Red Hat. Other companies and groups that have signed onto the Bandit identity management approach, which incorporates previous standards and work including WS*, Liberty Federation, and Eclipse Higgins, are Microsoft, Sun Microsystems and IBM.
“The big reason we introduced Bandit and got industry support is it’s not going to be solved by one company,” Novell Director of Product Marketing of Identity Management Richard Whitehead told LinuxInsider. “The reason for having openness and working with Microsoft, Red Hat, Sun and the others is that we will solve this problem together.”
Identity Crisis
The problem, according to Whitehead and industry analysts, is that there are a myriad of identity management solutions and systems that are mostly proprietary and mostly unable to work together.
“Part of it is getting enough support behind any one effort,” Burton Group Vice President and Research Director Mike Neuenschwander told LinuxInsider. “There has yet to be consensus.”
While Novell had previously distanced itself from the Bandit identity management software, which is incorporated into the company’s Suse Linux products, it is now promoting the platform with its own brand, along with the others.
Neuenschwander said the Bandit project and idea of consistency represent an inflection point in the development of the identity management software market, calling the creation of identity services that abstract complexity and are freely available and interoperable “a worthwhile goal.”
“There’s some promise there now, and they’re trying to garner attention for the idea,” he said.
Code Kickoff
To get the open source Bandit project rolling, Novell contributed four significant components of code: the Common Authentication Services Adapter (CASA) for interoperable authentication; the Flexible Adaptable Information Management (FLAME) information repository; the Audit Record Framework for open auditing and compliance; and the Role Engine service to calculate role information and unify authorization, Whitehead reported.
“These are not small pieces,” he said, adding the wide industry support with Bandit’s announcement signal that companies are ready to work together on identity management.
“It’s a demonstration that a lot of this can and will be accomplished today and in the near term,” he said. “But it will constantly be evolving, and to evolve, it needs to be open.”
Keeping Proprietary Parts
While he stressed the need for openness and building upon already-established open source identity management standards and efforts, such as Higgins, Whitehead said Bandit backers, including Novell, would continue to have their own, proprietary features attached to the technology.
Noting that Novell’s proprietary parts of identity management are still standard protocols and directories, Whitehead explained that while vendors may spice up identity solutions as they choose, the basic building blocks for Bandit identity management must remain open.
“There will still be proprietary leveraging, that’s the part that will generate revenue, based on capabilities, but describing the identity, how it’s used, and the framework — those do have to have that openness,” Whitehead said.
Driver Wanted
While the disparity among different identity management solutions may be a significant challenge for the software, it also has yet to find a true market driver, according to IT-Harvest Founder and Chief Research Analyst Richard Stiennon.
“No company has enough presence to force their identity management on people,” Stiennon told LinuxInsider, referring to Microsoft’s repeated efforts and re-branding in the space.
However, Stiennon said there is hope for Bandit, particularly with Novell’s open source credibility, and the realization from all of the big players that their best interests lie in cooperation.
“We’re definitely in a different place,” he said. “I think they recognize [identity management] is not going to be a money maker or driver. It’s just learning to compromise.”