[keycloak-dev] Certificate Management, Directory Services and Device Registration

Anil Saldhana Anil.Saldhana at redhat.com
Fri Dec 20 15:27:16 EST 2013 

Some of this is what I hear from users, customers and the industry. Also 
see below:

On 12/20/2013 02:23 PM, Anil Saldhana wrote:
> Bill brought out some thoughts in my mind which I want to capture here
> to see what your thoughts are:
>
> * Certificate Management
> - We need a good system to CRUD certificates.  The only good Java based
> oss I have seen is EJBCA.
>
> * Directory Server/Services
> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
> possibilities in Java based directory servers. I am unsure if we have
> really explored building a solution for directory services.
* Another important consideration is Active Directory. It is an 
ecosystem - has LDAP, Kerberos/SPNego, SAML, WSTrust etc. I think we 
really need some type of Open Source solution to this ecosystem. The 
core starts with directory services or a facade.

> * Device Registration
> - BaaS may be at play here.
> - Apache UserGrid is incubating.
>
> * OTP
> - FreeOTP is a new project at fedora for iOS/Android apps based on
> google authenticator.
> - both KeyCloak and Aerogear have a solution for integrating OTP based
> authentication.
>
>
> Anything else?
>
> On 12/20/2013 02:13 PM, Anil Saldhana wrote:
>> Hi Bill/Bruno,
>>      I think this is a great idea.   Managing keys/certificates is going
>> to be very critical.
>>
>> EJBCA may be good to CRUD x509 certificates.
>>
>> Regards,
>> Anil
>>
>> On 12/20/2013 08:18 AM, Bill Burke wrote:
>>> Bruno,  I'm also interested in your key management work.  Client-cert
>>> support is also something on the TODO list.  We also need to have a talk
>>> with Aerogear to brainstorm on how to secure/manage devices.  I have
>>> some ideas around both the UI and the protocol.  Nothing concrete yet.
>>>
>>> On 12/20/2013 7:17 AM, Bruno Oliveira wrote:
>>>> Good morning guys, FYI I’ve started to migrate everything related with ag-security to Keycloak (http://aerogear-dev.1069024.n5.nabble.com/aerogear-dev-Keycloak-on-AeroGear-td5663.html). I hope to upstream/contribute with our needs during our development.
>>>>
>>>> Congratulations about the project.
>>>>
>>>> --
>>>> abstractj
>>

More information about the keycloak-dev mailing list