Novell has officially launched Bandit, an open source identity management platform that leverages existing OpenIDentity technologies like IBM’s project Higgins. Designed as a role-based security “enablement layer” for enterprises, Bandit could potentially increase interoperability between disparate identity systems currently used by companies. Novell hopes that the availability of source code will enable independent developers to make their own technologies compatible with Bandit. The Bandit identity platform encapsulates several technologies, including a Common Authentication Services Adaptor that facilitates secure “single sign-on” with support for pluggable authentication methods, a Common Identity Service built on the Higgins framework, and an Audit Record Framework that streamlines security auditing and event analysis operations into a cohesive API.
Endorsed by IBM, the Eclipse Foundation, Sun, Symantec, and even Microsoft, Novell’s latest technology could potentially become a viable industry standard for interoperable identity management. Already integrated into Novell’s SUSE Linux, Bandit will also be tied into other Novell products in the future. Novell has constructed Bandit with community involvement in mind, and the company plans to continue providing funding and resources to promote community development of open source identity management technologies.
Computer security in a large company is generally a very complicated thing to orchestrate. According to an Information Security Breaches Survey conducted by the Department of Trade and Industry in the UK, one in five large businesses had a security breach associated with identity management deficiencies in 2006. With so many different services that all have different security mechanisms, it can be extremely challenging to create a security policy that can be implemented consistently across all of the systems used by a single organization. Novell has already made considerable investments in enterprise security technologies, particularly with AppArmor, an open source Linux security framework that insulates software from the exploitation of vulnerabilities. Bandit seems like a far more ambitious initiative geared towards standardization in addition to development. Bandit’s capacity to succeed as a technology seems largely predicated on whether it will be broadly adopted as a standard. Judging by the list of companies that have expressed an interest in the technology, Novell may be able to make it an inextricable fixture of enterprise computing.