02.23.07
The Internet Identity Explosion and the Bandit Project
There has been a huge flurry of activity in the Internet identity space in recent months mostly around convergence, working code, and actual deployments.
- OpenID continues to gain momentum.
- Microsoft and AOL announce support for OpenID.
- Higgins is solidifying its support for many identity systems, reaches major milestone
- Higgins gains some really cool technology that adds new capabilities for handling identity information.
- The Pamela Project emerges to fill needed hole in Relying Party territory
- Multiple open source projects show integration with Microsoft Cardspace and Liberty Alliance systems (shameless plug here)
- Real deployments of infocard and OpenID systems are happening in addition to existing Liberty systems.
- Perhaps the proverbial big bang of Internet identity will happen soon
Since I am an unashamed Bandit, I am sometimes asked “where does the Bandit project fit in all this?” I think that it fits in three ways:
First, Bandit supports the above mentioned projects and convergence points.
We participate in the community as much as we can, and we are one of the few projects I have seen that will actively contribute code to other projects. We NEED this stuff to work coherently and we work to accelerate convergence where possible.
In some ways the Bandit project is much like our close ally, the Higgins Project. Both projects write open source code that glues together existing and future systems. Neither project pushes a particular protocol family or identity system. Higgins provides a framework that supports a common interface to multiple identity systems and protocol families. Bandit needs such a framework, so we contribute to Higgins to help it get done faster. We work with Higgins on other shared components as well.
We are also excited to work with the new Pamela Project. It fills a very important need for consistent relying party code that is usable, robust, and handles evolutionary accounts from existing silos to the emerging identity systems. Relying parties need consistent user experience too.
Most projects that we work with are open source. I personally would want my identity information handled by open source software. I also think that open source development is particularly good at interoperable components of distributed systems — like identity systems.
.
Second, Bandit adds a layer of open source components for consistent authentication, authorization and audit capabilities.
You might say that accelerating convergence, contributing code to other projects, and some authentication code is necessary before we can build effective authorization and audit components. We need a cohesive, distributed identity system. But we also know that when we get such a system, some critical issues involving authentication, authorization, and audit will surface.
Bandit focuses on simple, reusable components for authentication, authorization, and audit. These capabilities are most recognized as needed in enterprise identity systems, but I think they will be needed in other places as well. The recent experiences of the Bandit team and others are confirming this. Once applications or services (web based or otherwise) start to actually be used by more than a few users and sources of identity, they immediately find they need a general, scalable solution for authorization and audit.
Authorization means determining whether a particular user can perform an operation. Most network services really support authorization based on something like a role. For example, a wiki may have a notion of an administrator, an editor, and a reader. The Bandit Role Engine will allow a sysadmin great power and flexibility in how to map security tokens, claims, and other information into the native roles of the system.
Auditing is needed to provide an record of who did what. In the case of most of the emerging Internet identity systems we are particularly interested in providing a record for the user of what a service has agreed to do for them. Think of it (in the insight of Bob Blakley) as the receipt from a Relying Party. Audit records are also needed (like a cash register receipt log) to help a service prove compliance with various accounting regulations.
Bandit is not limited to these components or use cases, but they illustrate the point. From the main project page:
Third, the Bandit Project is a conduit between developers and those who make these systems work in real deployments.
The Bandit Project works with Novell product teams, other vendors, current and future customers to determine what still needs to be done to make these identity systems work in real deployments. This will be an increasing emphasis of the Bandit Project this year.
More on this third point in the next post.
free viagra
buy viagra online
generic viagra
how does viagra work
cheap viagra
buy viagra
buy viagra online inurl
viagra 6 free samples
viagra online
viagra for women
viagra side effects
female viagra
natural viagra
online viagra
cheapest viagra prices
herbal viagra
alternative to viagra
buy generic viagra
purchase viagra online
free viagra without prescription
viagra attorneys
free viagra samples before buying
buy generic viagra cheap
viagra uk
generic viagra online
try viagra for free
generic viagra from india
fda approves viagra
free viagra sample
what is better viagra or levitra
discount generic viagra online
viagra cialis levitra
viagra dosage
viagra cheap
viagra on line
best price for viagra
free sample pack of viagra
viagra generic
viagra without prescription
discount viagra
gay viagra
mail order viagra
viagra inurl
generic viagra online paypal
generic viagra overnight
generic viagra online pharmacy
generic viagra uk
buy cheap viagra online uk
suppliers of viagra
how long does viagra last
viagra sex
generic viagra soft tabs
generic viagra 100mg
buy viagra onli
generic viagra online without prescription
viagra energy drink
cheapest uk supplier viagra
viagra cialis
generic viagra safe
viagra professional
viagra sales
viagra free trial pack
viagra lawyers
over the counter viagra
best price for generic viagra
viagra jokes
buying viagra
viagra samples
viagra sample
cialis
generic cialis
cheapest cialis
buy cialis online
buying generic cialis
cialis for order
what are the side effects of cialis
buy generic cialis
what is the generic name for cialis
cheap cialis
cialis online
buy cialis
cialis side effects
how long does cialis last
cialis forum
cialis lawyer ohio
cialis attorneys
cialis attorney columbus
cialis injury lawyer ohio
cialis injury attorney ohio
cialis injury lawyer columbus
prices cialis
cialis lawyers
viagra cialis levitra
cialis lawyer columbus
online generic cialis
daily cialis
cialis injury attorney columbus
cialis attorney ohio
cialis cost
cialis professional
cialis super active
how does cialis work
what does cialis look like
cialis drug
viagra cialis
cialis to buy new zealand
cialis without prescription
free cialis
cialis soft tabs
discount cialis
cialis generic
generic cialis from india
cheap cialis sale online
cialis daily
cialis reviews
cialis generico
how can i take cialis
cheap cialis si
cialis vs viagra
levitra
generic levitra
levitra attorneys
what is better viagra or levitra
viagra cialis levitra
levitra side effects
buy levitra
levitra online
levitra dangers
how does levitra work
levitra lawyers
what is the difference between levitra and viagra
levitra versus viagra
which works better viagra or levitra
buy levitra and overnight shipping
levitra vs viagra
canidan pharmacies levitra
how long does levitra last
viagra cialis levitra
levitra acheter
comprare levitra
levitra ohne rezept
levitra 20mg
levitra senza ricetta
cheapest generic levitra
levitra compra
cheap levitra
levitra overnight
levitra generika
levitra kaufen
Kim Cameron’s Identity Weblog » Understanding Bandit said,
February 24, 2007 at 3:37 pm
[...] There’s so much going on around identity these days, that it’s easy to lose track of how the different pieces fit together. Here’s a posting by Novell’s Dale Olds that tells us all about Bandit. There has been a huge flurry of activity in the Internet identity space in recent months mostly around convergence, working code, and actual deployments. [...]
It’s all about Bandit, Higgins, OpenID and Microsoft but where is IBM? « Zingle by Semcon said,
February 26, 2007 at 1:47 am
[...] It’s all about Bandit, Higgins, OpenID and Microsoft but where is IBM? Dale Olds posted another great post about Bandit the other day. And as we all know by now AOL is supporting OpenID. Microsoft has their cardspace that is getting around more and more, well at least wordpress supports it. Seeing how Bandit, Higgins, OpenID etc more and more starts to co-operate with each other it makes me wonder which approach IBM will take to this. Does IBM have any plans to provide the world with any identity storage where the identity is owned by the user and not the system? How will TIM, TAM or any other Tivoli IAM product for that matter make sure that they provide this possibility to the end user? [...]
kevin said,
February 28, 2007 at 9:29 am
I’m trying to figure out where IBM and CA (SiteMinder/TransactionMinder) are too! Anyone?
dale said,
March 2, 2007 at 5:49 pm
Kevin and, um, Zingle,
Thanks for the comments! I really can’t speak for the overall strategy of either company mentioned, but both are active in the Higgins project.
IBM has been a major supporter and code contributor. A number of project and component leads are IBM employees. Please check out this page:
http://www.eclipse.org/higgins/team-leaders.php
As for CA, they are active as well and have contributed to weekly development calls and face-to-face meetings.
CQ2 » Novell and OpenID said,
March 6, 2007 at 11:06 am
[...] Posts here and here. [...]
dale olds’ virtualsoul » Bandit, Community, and Corporate Deployments said,
July 22, 2008 at 6:05 pm
[...] my last post, I talk about three ways that the Bandit Project is contributing to emerging Internet identity [...]