[keycloak-dev] Certificate Management, Directory Services and Device Registration

Stian Thorgersen stian at redhat.com
Thu Jan 2 01:15:32 EST 2014


----- Original Message -----
> From: "Anil Saldhana" <Anil.Saldhana at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Monday, 23 December, 2013 4:11:25 PM
> Subject: Re: [keycloak-dev] Certificate Management, Directory Services and Device Registration
> 
> On 12/23/2013 03:21 AM, Stian Thorgersen wrote:
>
> ----- Original Message -----
> > From: "Bill Burke" <bburke at redhat.com>
> > To: keycloak-dev at lists.jboss.org
> > Sent: Friday, 20 December, 2013 8:42:06 PM
> > Subject: Re: [keycloak-dev] Certificate Management, Directory Services and Device Registration
> >
> > On 12/20/2013 3:27 PM, Anil Saldhana wrote:
> > > Some of this is what I hear from users, customers and the industry. Also
> > > see below:
> > >
> > > On 12/20/2013 02:23 PM, Anil Saldhana wrote:
> > >> Bill brought out some thoughts in my mind which I want to capture here
> > >> to see what your thoughts are:
> > >>
> > >> * Certificate Management
> > >> - We need a good system to CRUD certificates.  The only good Java based
> > >> oss I have seen is EJBCA.
> EJBCA is a no-go as it looks like it's heavily dependent on JavaEE. For
> LiveOak we need whatever libraries we use to be non-JavaEE.
>
> Stian - let me take a guess here. You think maybe writing a thin REST based
> system for certificate management is better?

I haven't thought much about it, but yes I think everything should be exposed through REST. Re-utilizing existing stuff is great though, but as long as we want to embed Keycloak into the LiveOak container it can't require a JavaEE runtime.

> EJBCA is an old project. I guess they started out as EJB based services.

Had a quick look at docs and looks like it is built as a set of EJBs and deployable to JBoss AS

> > >> * Directory Server/Services
> > >> - We have ApacheDS and OpenDS (or the ForgeRock version) as two
> > >> possibilities in Java based directory servers. I am unsure if we have
> > >> really explored building a solution for directory services.
> > > * Another important consideration is Active Directory. It is an
> > > ecosystem - has LDAP, Kerberos/SPNego, SAML, WSTrust etc. I think we
> > > really need some type of Open Source solution to this ecosystem. The
> > > core starts with directory services or a facade.
> >
> > A huge part of Keycloak's value-add is it provides the UI for login,
> > registration, acct/credential/device/realm management.  If these AD/LDAP
> > services are read-only, then there's not a lot Keycloak can offer you.
> >
> > Also, for Keycloak 1.0.Final, we're focusing solely on securing Web Apps
> > and RESTful services.  We can't have too many tangents or feature creep.
> We can't wait too long to support mobile devices (at least Android and iOS).
> These would be required by both LiveOak and AeroGear. Not sure if that's
> before or after a 1.0.Final though. AeroGear guys can probably help us out
> here though, as they're working on OAuth2 libraries.
>
> Agree. Having REST based MBaaS dealing with mobile devices may be critical.
> Apache UserGrid is the new entrant in the oss space.