Hello group,

whilst browsing the security talks of this weeks FOSDEM 2016 [0], 
I stumbled upon two open source Identity Management solutions 
in that presentation [0.1] which I was totally unaware of: 
midpoint [1] [1.1] by evolveum and the Syncope [2] Apache project.

Since I think that those could serve (at least) as an inspiration
for Keycloak I wanted to share this with you.

Midpoint seems to be a pretty mature product with good documentation and 
a wide feature palette as one can see here: [1.2]. 
Some of of those features might also be worth to be added to keycloak, e.g.:
- Detailed information about user attribute / configuration changes via Deltas [1.3], [1.5]
- Parametric Roles as part of their Hybrid RBAC support [1.4]
- Support for Segregation of Duties by Role Exclusions [1.6]

SSO support in midPoint is provided by a Spring Security integration
as well as support for CAS, but I could not find an implementation for
OAuth 2.0, Open ID Connect nor SAML - only a Google Summer of Code 2015
OAuth / Open Id Connect integration proposal.

Midpoint seems to be a fully fledged IAM solution already but, IMHO with a 
much broader scope (enterprise IdM, IAM) than Keycloak (IdM for cloud products).

Syncope [2.1] on the other hand seems to an effort to reimplement an 
IdM (provisioning) solution from scratch.

Has anybody here heared of or investigated those projects?

[0] https://fosdem.org/2016/schedule/track/security/
[0.1] https://fosdem.org/2016/schedule/event/midpointidm/
[1] https://evolveum.com/midpoint/
[1.1] https://github.com/Evolveum/midpoint
[1.2] https://wiki.evolveum.com/display/midPoint/Features
[1.3] https://wiki.evolveum.com/display/midPoint/Deltas
[1.4] https://wiki.evolveum.com/display/midPoint/Advanced+Hybrid+RBAC
[1.5] https://wiki.evolveum.com/display/midPoint/Relativity
[1.6] https://wiki.evolveum.com/display/midPoint/Segregation+of+Duties
[2] https://syncope.apache.org/
[2.1] https://github.com/apache/syncope

Cheers,
Thomas