The Novell-sponsored Bandit
project is a relatively new entry into the somewhat crowded digital
identity space. Bandit is trying to unify the disparate protocols and
mechanisms for authentication into a consistent view for users and
applications. This would allow a user to be independent of the underlying
authentication method used, while allowing them full control over what
information is released to a site requesting personal information.
One of the more annoying "features" of the web is the necessity of signing
up with various sites, often using the same information (name, email address,
mailing address, etc.). Once that is done, users need to remember their
password at each site, which often means taking a very insecure shortcut by using the
same one everywhere. Even a quick correction
or pointer added into a comment thread will often require creating an
account and logging in, definitely a barrier to quick and easy internet
discourse. LWN is as "guilty" as most other sites, as there is no other
simple solution to reducing comment spam.
The idea behind Bandit, and the other identity management systems, is to
provide a means for users to manage this information, present it to sites
they wish to use, without retyping their full name and contact information
all over the place. It can also store more sensitive information, credit
card numbers and the like. Unlike other, centralized schemes, the user information
can be stored locally, with external servers used to validate a connection
between an identity and the credentials presented.
Where Bandit is different is that it intends to try and encompass various
other free authentication mechanisms and interoperate with them. In some
ways it is like a web browser, in that it incorporates multiple different
protocols (http, ftp, local file access, etc.) into a single view for the
user. Bandit extends the browser by providing a plug-in for Firefox that communicates with their
DigitalMe will do the heavy lifting of keeping track
of the identities, where and how they are stored, as well as how to
communicate that to the requesting site (aka relying party). The Firefox
plug-in will present the stored identities to the user allowing them to choose
one. It will also display the information requested by the relying party
and allow the user to select which they will allow to be sent, keeping the
user firmly in control.
framework is also part of Bandit, to allow companies to ensure that
the identities are used in compliance with regulations or company standards.
One of the use cases described for Bandit is for a company with identity
cards that their employees use to log in to their systems. All of the
identity information for those users would be stored by the company, rather
than the employee, which would allow the company to recover them when an
employee leaves. The identities would correspond to various company-run
services as well as vendor or customer systems that are used by the employee.
Because it incorporates so many different standards and protocols, Bandit
is even more of an alphabet soup than other identity systems. It is difficult
to see, yet, whether it lives up to its grand vision. The project
has released some code, but DigitalMe is currently only packaged for SuSE
Linux distributions. But it is all free software, mostly licensed under
the LGPL and certainly has some interesting ideas.
Windows has its own idea of identity management, CardSpace, that Bandit
can also interoperate with in some fashion. Novell is demonstrating the
technology and its interoperability with CardSpace at the Digital ID World
conference this week. In conjunction with the conference, Novell is also
promoting a "Control Your Identity" campaign that is encouraging users
to get Bandit cards.
Like much of the work in this area, Bandit shows a lot of promise, but in
order for it, or any other identity management framework, to succeed, there
must be user interest. Plenty of complaints are heard about identity
handling and the need to sign on seemingly everywhere on the web, but so
far, no solution has really made a lot of headway. Because it intends to
incorporate most of the solutions out there, Bandit may have a better chance
to post comments)