Novell has released a framework for enterprises planning their long-term identity management strategy. The company is keen to stress that its framework does not just mean single sign-on, although that is one of the benefits. Novell's Identity Automation Framework (IAF) is the company's foundation for its Nsure range of solutions, which are designed to help an enterprise create and control identities and access rights for employees, partners and customers. The network software company believes that implementing a single sign-on system without first creating an overall identity infrastructure will cause unwanted side effects, such as increasing the company's security risk. "Unless you look at the problem holistically, you will uncover these problems in an unplanned way. You could install a single sign-on application and then find that the security is more exposed because it is now easier for users to log in to all of the applications transparently," said Freddie Kavanagh, EMEA chief technology officer at Novell. The announcement comes just a week after Microsoft launched its Identity Integration Server 2003, which the software giant hopes will make it the first choice for managing the authentication processes of large companies. But Novell expects its products to be favoured by enterprises because it does not take a proprietary position: "Our strength is that we have a proven cross-platform, cross-vendor strategy that has been working for a number of years and been deployed in a number of large corporations," said Kavanagh. "We base everything on open standards and do not impose a set of products that live in isolation." Novell IAF is divided into four layers. The first layer deals with integrating basic identities, but allowing users to keep certain applications separate. This is followed by a layer that allows creating, automating and maintenance of those identities. The third layer controls secure identities and deals with locking down business resources, as well as logging access and auditing usage of those resources. With the basic framework in place, the top layer addresses overall password management and single sign-on. Chris Stone, Novell's vice chairman, said in a statement: "Many vendors purport to offer a complete identity management solution when in reality they can really only effectively address one piece of a problem -- and then they tap third parties to tackle the rest. Such an approach is not comprehensive identity management, but rather a symptomatic solution to a particular pain point."