<div dir="ltr"><div>Hello group,</div><div><br></div><div>whilst browsing the security talks of this week's FOSDEM 2016 [0], </div><div>I stumbled upon two open source Identity Management solutions </div><div>in that presentation [0.1] which I was totally unaware of: </div><div>midPoint [1] [1.1] by Evolveum and the Syncope [2] Apache project.</div><div><br></div><div>Since I think that those could serve (at least) as an inspiration</div><div>for Keycloak, I wanted to share this with you.</div><div><br></div><div>midPoint seems to be a pretty mature product with good documentation and </div><div>a wide feature palette, as one can see here: [1.2]. </div><div>Some of those features might also be worth adding to Keycloak, e.g.:</div><div>- Detailed information about user attribute / configuration changes via Deltas [1.3], [1.5]</div><div>- Parametric Roles as part of their Hybrid RBAC support [1.4]</div><div>- Support for Segregation of Duties by Role Exclusions [1.6]</div><div><br></div><div>SSO support in midPoint is provided by a Spring Security integration</div><div>as well as support for CAS, but I could not find an implementation for</div><div>OAuth 2.0, OpenID Connect or SAML - only a Google Summer of Code 2015</div><div>OAuth / OpenID Connect integration proposal.</div><div><br></div><div>midPoint seems to be a fully fledged IAM solution already, but IMHO with a </div><div>much broader scope (enterprise IdM, IAM) than Keycloak (IdM for cloud products).</div><div><br></div><div>Syncope [2.1], on the other hand, seems to be an effort to reimplement an </div><div>IdM (provisioning) solution from scratch.</div><div><br></div><div>Has anybody here heard of or investigated those projects?</div><div><br></div><div>[0] <a href="https://fosdem.org/2016/schedule/track/security/">https://fosdem.org/2016/schedule/track/security/</a></div><div>[0.1] <a 
href="https://fosdem.org/2016/schedule/event/midpointidm/">https://fosdem.org/2016/schedule/event/midpointidm/</a></div><div>[1] <a href="https://evolveum.com/midpoint/">https://evolveum.com/midpoint/</a></div><div>[1.1] <a href="https://github.com/Evolveum/midpoint">https://github.com/Evolveum/midpoint</a></div><div>[1.2] <a href="https://wiki.evolveum.com/display/midPoint/Features">https://wiki.evolveum.com/display/midPoint/Features</a></div><div>[1.3] <a href="https://wiki.evolveum.com/display/midPoint/Deltas">https://wiki.evolveum.com/display/midPoint/Deltas</a></div><div>[1.4] <a href="https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC">https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC</a></div><div>[1.5] <a href="https://wiki.evolveum.com/display/midPoint/Relativity">https://wiki.evolveum.com/display/midPoint/Relativity</a></div><div>[1.6] <a href="https://wiki.evolveum.com/display/midPoint/Segregation+of+Duties">https://wiki.evolveum.com/display/midPoint/Segregation+of+Duties</a></div><div>[2] <a href="https://syncope.apache.org/">https://syncope.apache.org/</a></div><div>[2.1] <a href="https://github.com/apache/syncope">https://github.com/apache/syncope</a></div><div><br></div><div>Cheers,</div><div>Thomas</div></div>