Novell takes a shot at security

The networking company is out to broaden its horizons and reshape itself as a security company. Its iChain server aims to keep the bad guys out in the cold
Written by Dennis Fisher, Contributor

Best known for its networking software and frequent strategy shifts, Novell is set to roll out this summer new products in an effort to reshape itself as a security company.

The vendor last week spelled out the details of its forthcoming iChain 2.0 access-control software, which will include a host of enhanced security features, such as optional token-based authentication.

In August, Novell will unveil a technology called Secure Web Federation, which will enable users to extend single-sign-on and other security features to the Web sites of suppliers, partners and customers.

Among key features that Novell officials said they hope will drive adoption of iChain 2.0 is its Extensible Markup Language-based form-fill capability. This feature captures log-in information during a user's initial session, stores it in an encrypted database and then uses it to populate forms during later sessions.

This feature gives iChain 2.0, due in the next quarter, the ability to furnish single-sign-on services without plug-ins or custom development work. Most other vendors require one or both.

Secure Web Federation is essentially an extension of iChain that enables users to navigate seamlessly among a group of related Web sites without having to reauthenticate each time. Novell will roll it out in three phases between August and early next year.

Using protocols such as Secure Assertion Markup Language, the technology will allow one central iChain server to act as a proxy and send a user's credentials to several other authorised sites. Some customers said they have been waiting for this technology.

"One of the biggest problems we have is not being able to go to multiple Web servers behind the firewall," said Edward Cheadle, director of technical services at Beneficial Life Insurance, an iChain user.

"We don't have a WAN for our agents, so we've set up a [business-to-business] portal that we want to hook our partners into," said Cheadle, in Salt Lake City. "This kind of security solves a lot of the problems for us."

Despite all the new features in iChain 2.0 and Secure Web Federation, some Novell customers and industry observers question the company's commitment to security. Some wonder whether the new software is simply another case of the company looking for a hot sector to ride for a while.

"This is a different technology than they're used to," said one large East Coast Novell customer, who asked not to be named. "But security is hot right now."

Critics point to Novell's efforts in the application service provider market as support for their concerns. The company tried to gain a foothold in that sector during the recent rush toward hosted services but has been largely unsuccessful.

However, Novell officials said this isn't so much a shift in strategy as a renewed emphasis on something that has always been one of the company's strengths -- if an unheralded one.

"We want to move away from our PKI [public-key infrastructure]-based products and pull all of our other things like BorderManager and [Modular Authentication Service] into this," said Bob O'Dell, director of product management and head of the security section at Novell.

Is your PC safe? Find out in ZDNet UK's Viruses and Hacking News Section.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.

Editorial standards