Red Hat open-sources security framework

Red Hat has open-sourced its identity-management and security system to promote its assertion that open-source software provides the most secure infrastructure.

The Linux vendor said Wednesday it has released the entire source code for the Red Hat Certificate System, its security framework for managing user identities and transactions on a network. Red Hat acquired the system from AOL three years ago, but only parts of the system, which uses the Apache Web server and the Red Hat Directory Server, were open source.

According to a blog post by Red Hat's security team, the move "further demonstrates Red Hat’s belief that the open source development model creates more secure software." In addition to offering the Red Hat Certificate System to users of its Red Hat Enterprise Linux product, the company also uses it internally.

The team said now that the system is open source, it will be easier for developers to integrate the technology with other security- and network management-related projects from Red Hat.

One of those is the freeIPA project, which provides central management of identity, policy and auditing for Unix and Linux using open-source and open-standards technologies. According to Red Hat, by integrating technology from the certificate system, the freeIPA project eventually will offer central management and provisioning for machine and service digital certificates.

Red Hat is best known for its Linux distribution, but has been working steadily for several years to broaden its open-source portfolio beyond the OS. New CEO Jim Whitehurst said recently that the company, more than ever, needs to demonstrate more support for the open-source community outside of Linux and visibly promote the continued adoption of open-source software among businesses. Whitehurst took over CEO duties from longtime Red Hat leader Matthew Szulik in January.