Hello group,
whilst browsing the security talks of this week's FOSDEM 2016 [0],
I stumbled upon two open source Identity Management solutions
in that presentation [0.1] which I was totally unaware of:
midPoint [1] [1.1] by Evolveum and the Syncope [2] Apache project.
Since I think that those could serve (at least) as an inspiration
for Keycloak I wanted to share this with you.
midPoint seems to be a pretty mature product with good documentation and
a wide feature palette as one can see here: [1.2].
Some of those features might also be worth adding to Keycloak, e.g.:
- Detailed information about user attribute / configuration changes via Deltas [1.3], [1.5]
- Parametric Roles as part of their Hybrid RBAC support [1.4]
- Support for Segregation of Duties by Role Exclusions [1.6]
SSO support in midPoint is provided by a Spring Security integration
as well as support for CAS, but I could not find an implementation for
OAuth 2.0, OpenID Connect or SAML - only a Google Summer of Code 2015
OAuth / OpenID Connect integration proposal.
midPoint seems to be a fully fledged IAM solution already, but IMHO with a
much broader scope (enterprise IdM, IAM) than Keycloak (IdM for cloud products).
Syncope [2.1], on the other hand, seems to be an effort to reimplement an
IdM (provisioning) solution from scratch.
Has anybody here heard of or investigated those projects?
Cheers,
Thomas