On 12/20/2013 02:42 PM, Bill Burke wrote:
On 12/20/2013 3:27 PM, Anil Saldhana wrote:
> Some of this is what I hear from users, customers and the industry. Also
> see below:
>
> On 12/20/2013 02:23 PM, Anil Saldhana wrote:
>> Bill brought out some thoughts in my mind which I want to capture here
>> to see what your thoughts are:
>>
>> * Certificate Management
>> - We need a good system to CRUD certificates. The only good Java-based
>> OSS I have seen is EJBCA.
>>
>> * Directory Server/Services
>> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
>> possibilities in Java based directory servers. I am unsure if we have
>> really explored building a solution for directory services.
> * Another important consideration is Active Directory. It is an
> ecosystem - has LDAP, Kerberos/SPNEGO, SAML, WS-Trust etc. I think we
> really need some type of Open Source solution to this ecosystem. The
> core starts with directory services or a facade.
>
A huge part of Keycloak's value-add is it provides the UI for login,
registration, acct/credential/device/realm management. If these AD/LDAP
services are read-only, then there's not a lot Keycloak can offer you.

Rather than viewing them as read-only services, I view them as directory
services that your ecosystem of apps (internal as well as external)
ranging from browsers to mobile can utilize.

Also, for Keycloak 1.0.Final, we're focusing solely on securing Web Apps
and RESTful services. We can't have too many tangents or feature creep.

Agreed - long term thinking.