[keycloak-dev] Certificate Management, Directory Services and Device Registration
Bill Burke
bburke at redhat.com
Fri Dec 20 15:42:06 EST 2013
On 12/20/2013 3:27 PM, Anil Saldhana wrote:
> Some of this is what I hear from users, customers and the industry. Also
> see below:
>
> On 12/20/2013 02:23 PM, Anil Saldhana wrote:
>> Bill brought out some thoughts in my mind which I want to capture here
>> to see what your thoughts are:
>>
>> * Certificate Management
>> - We need a good system to CRUD certificates. The only good Java based
>> oss I have seen is EJBCA.
>>
>> * Directory Server/Services
>> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
>> possibilities in Java based directory servers. I am unsure if we have
>> really explored building a solution for directory services.
> * Another important consideration is Active Directory. It is an
> ecosystem - has LDAP, Kerberos/SPNego, SAML, WSTrust etc. I think we
> really need some type of Open Source solution to this ecosystem. The
> core starts with directory services or a facade.
>
A huge part of Keycloak's value-add is it provides the UI for login,
registration, acct/credential/device/realm management. If these AD/LDAP
services are read-only, then there's not a lot Keycloak can offer you.
Also, for Keycloak 1.0.Final, we're focusing solely on securing Web Apps
and RESTful services. We can't have too many tangents or feature creep.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list