Novell’s Directory Services Strategy Focuses on UDDI Security

New directory server touts secure identity management for key Web services standard.

Novell Inc. this week released its first major deliverable under its recently announced initiative to build a new breed of security and management services for electronic directories. The offering, called Nsure UDDI Server, is based on Novell’s eDirectory secure identity management software and is designed to make directories more functional in a Web services environment.

Project Destiny, Novell’s roadmap for its directory releases, was officially announced in July. Through 2003, the program is expected to bring to market directory services that feature support for: using XML and SOAP (Simple Object Access Protocol); building flexible relationships within a directory; defining policy inherently within a service; and federating trust through SAML (Security Assertion Markup Language) and the Liberty Alliance specification for single sign-on.

Nsure UDDI Server focuses on the management and security of identities in UDDI (Universal Description, Discovery and Integration) repositories. The key advantage of the server is that it allows users to attach authentication and authorization information directly to identities stored in a UDDI directory.

For developers, the ability to apply access controls within a UDDI repository means a single database can be used to both secure and manage identities. This is a marked improvement over common methods used today, as security and management of UDDI identities typically require two different databases because the current version of the UDDI specification (version 3.0) does not have adequate provisions for securing and managing registered services.

“You talk to any customer today and they’re going to tell you that Web services is their strategic direction,” says Justin Taylor, chief strategist of directory services for Novell. “But the problem is, they’re not quite sure what, exactly, that means yet.”

According to Taylor, uptake for the Web services concept as a whole—and UDDI especially—has been somewhat slower than originally expected due to several user concerns. He says that since the UDDI specification is in the early stages of development, enterprises have been a bit hesitant to implement it in a live environment. Also, says Taylor, security and the methods for accessing services listed in a UDDI repository remain big question marks for users.

With its new UDDI server, Novell is hoping to eliminate some of the worry customers have in regard to security. eDirectory, Novell’s popular identity management platform on which the server is based, features role-based administration, advanced password and certificate login, SSL encryption, public/private key encryption, SAS (Secure Authentication Services), smart cards, and X.509v3 certificates.

Currently, Taylor says Novell is working with a number of customers on deploying the Nsure UDDI Server internally. However, he says, none of them expose their UDDI repositories to business partners or customers yet. “We do have customers saying that they plan on rolling [UDDI] out externally, but what they’re really waiting for is for the Web services environment as a whole to mature.”

In a recent conversation with Security Strategies, Uttam Narsu, a vice president with the XML Web services team at Giga Information Group Inc., indicated it may take some time for UDDI to achieve widespread use outside the firewall. Narsu says that while UDDI may be capable of facilitating external integration between Web services, the people aren’t ready for it. “The technology barriers for adoption of Web services are being overcome. The human barriers aren’t.”

About the Author

Matt Migliore is a regular contributor to He focuses particularly on Microsoft .NET and other Web services technologies. Matt was the editor of several technology-related Web publications and electronic newsletters, including Web Services Report, ASP insights and MIDRANGE Systems.