[keycloak-dev] Certificate Management, Directory Services and Device Registration

Anil Saldhana Anil.Saldhana at redhat.com
Fri Dec 20 15:52:00 EST 2013


On 12/20/2013 02:42 PM, Bill Burke wrote:
>
> On 12/20/2013 3:27 PM, Anil Saldhana wrote:
>> Some of this is what I hear from users, customers and the industry. Also
>> see below:
>>
>> On 12/20/2013 02:23 PM, Anil Saldhana wrote:
>>> Bill brought out some thoughts in my mind which I want to capture here
>>> to see what your thoughts are:
>>>
>>> * Certificate Management
>>> - We need a good system to CRUD certificates.  The only good Java-based
>>> OSS I have seen is EJBCA.
>>>
>>> * Directory Server/Services
>>> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
>>> possibilities in Java-based directory servers. I am unsure if we have
>>> really explored building a solution for directory services.
>> * Another important consideration is Active Directory. It is an
>> ecosystem - has LDAP, Kerberos/SPNEGO, SAML, WS-Trust etc. I think we
>> really need some type of Open Source solution to this ecosystem. The
>> core starts with directory services or a facade.
>>
> A huge part of Keycloak's value-add is it provides the UI for login,
> registration, acct/credential/device/realm management.  If these AD/LDAP
> services are read-only, then there's not a lot Keycloak can offer you.
Rather than viewing them as read-only services, I view them as directory 
services that your ecosystem of apps (internal as well as external) 
ranging from browsers to mobile can utilize.
> Also, for Keycloak 1.0.Final, we're focusing solely on securing Web Apps
> and RESTful services.  We can't have too many tangents or feature creep.
>
Agreed - long term thinking.

