<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 12/23/2013 03:21 AM, Stian
Thorgersen wrote:<br>
</div>
<blockquote
cite="mid:1641766950.37813169.1387790516491.JavaMail.root@redhat.com"
type="cite">
<div class="moz-text-plain" wrap="true" graphical-quote="true"
style="font-family: -moz-fixed; font-size: 12px;"
lang="x-western">
<pre wrap="">
----- Original Message -----
</pre>
<blockquote type="cite" style="color: #C0C0C0;">
<pre wrap=""><span class="moz-txt-citetags">> </span>From: "Bill Burke" <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:bburke@redhat.com"><bburke@redhat.com></a>
<span class="moz-txt-citetags">> </span>To: <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<span class="moz-txt-citetags">> </span>Sent: Friday, 20 December, 2013 8:42:06 PM
<span class="moz-txt-citetags">> </span>Subject: Re: [keycloak-dev] Certificate Management, Directory Services and Device Registration
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>On 12/20/2013 3:27 PM, Anil Saldhana wrote:
</pre>
<blockquote type="cite" style="color: #C0C0C0;">
<pre wrap=""><span class="moz-txt-citetags">> > </span>Some of this is what I hear from users, customers and the industry. Also
<span class="moz-txt-citetags">> > </span>see below:
<span class="moz-txt-citetags">> ></span>
<span class="moz-txt-citetags">> > </span>On 12/20/2013 02:23 PM, Anil Saldhana wrote:
</pre>
<blockquote type="cite" style="color: #C0C0C0;">
<pre wrap=""><span class="moz-txt-citetags">> >> </span>Bill brought out some thoughts in my mind which I want to capture here
<span class="moz-txt-citetags">> >> </span>to see what your thoughts are:
<span class="moz-txt-citetags">> >></span>
<span class="moz-txt-citetags">> >> </span>* Certificate Management
<span class="moz-txt-citetags">> >> </span>- We need a good system to CRUD certificates. The only good Java based
<span class="moz-txt-citetags">> >> </span>oss I have seen is EJBCA.
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">EJBCA is a no-go as it's looks like it's heavily dependent on JavaEE. For LiveOak we need whatever libraries we use to be non-JavaEE.</pre>
</div>
</blockquote>
Stian - let me take a guess here. You think maybe writing a thin
REST based system for certificate management is better? <br>
EJBCA is an old project. I guess they started out as EJB based
services.<br>
<br>
<blockquote
cite="mid:1641766950.37813169.1387790516491.JavaMail.root@redhat.com"
type="cite">
<div class="moz-text-plain" wrap="true" graphical-quote="true"
style="font-family: -moz-fixed; font-size: 12px;"
lang="x-western">
<pre wrap="">
</pre>
<blockquote type="cite" style="color: #C0C0C0;">
<blockquote type="cite" style="color: #C0C0C0;">
<blockquote type="cite" style="color: #C0C0C0;">
<pre wrap=""><span class="moz-txt-citetags">> >></span>
<span class="moz-txt-citetags">> >> </span>* Directory Server/Services
<span class="moz-txt-citetags">> >> </span>- We have ApacheDS and OpenDS (or the ForgeRock version) as two
<span class="moz-txt-citetags">> >> </span>possibilities in Java based directory servers. I am unsure if we have
<span class="moz-txt-citetags">> >> </span>really explored building a solution for directory services.
</pre>
</blockquote>
<pre wrap=""><span class="moz-txt-citetags">> > </span>* Another important consideration is Active Directory. It is an
<span class="moz-txt-citetags">> > </span>ecosystem - has LDAP, Kerberos/SPNego, SAML, WSTrust etc. I think we
<span class="moz-txt-citetags">> > </span>really need some type of Open Source solution to this ecosystem. The
<span class="moz-txt-citetags">> > </span>core starts with directory services or a facade.
<span class="moz-txt-citetags">> ></span>
</pre>
</blockquote>
<pre wrap=""><span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>A huge part of Keycloak's value-add is it provides the UI for login,
<span class="moz-txt-citetags">> </span>registration, acct/credential/device/realm management. If these AD/LDAP
<span class="moz-txt-citetags">> </span>services are read-only, then there's not a lot Keycloak can offer you.
<span class="moz-txt-citetags">> </span>
<span class="moz-txt-citetags">> </span>Also, for Keycloak 1.0.Final, we're focusing solely on securing Web Apps
<span class="moz-txt-citetags">> </span>and RESTful services. We can't have too many tangents or feature creep.
</pre>
</blockquote>
<pre wrap="">We can't wait to long to support mobile devices (at least Android and iOS). These would be required by both LiveOak and AeroGear. Not sure if that's before or after a 1.0.Final though. AeroGear guys can probably help us out here though, as they're working on OAuth2 libraries.
</pre>
</div>
</blockquote>
Agree. Having REST based MBaaS dealing with mobile devices may be
critical. Apache UserGrid is the new entrant in the oss space.<br>
<br>
</body>
</html>