Update readme

William Brown 2019-07-28 21:25:12 +09:00
parent 6ba0f6fccb
commit 4934894666


@ -9,45 +9,52 @@ Kanidm is an identity management platform written in rust. Our goals are:
* Modern identity management platform * Modern identity management platform
* Simple to deploy and integrate with * Simple to deploy and integrate with
* extensible * Extensible for various needs
* correct * Correct and secure behaviour by default
Today the project is still under heavy development to achieve these goals - we don't expect a fully
functional release before early 2020.
## Code of Conduct ## Code of Conduct
See CODE_OF_CONDUCT.md See [CODE_OF_CONDUCT.md]
## Examples [CODE_OF_CONDUCT.md]: https://github.com/Firstyear/kanidm/blob/master/CODE_OF_CONDUCT.md
## MVP features ## Some key ideas
* Pam/nsswitch clients (with offline auth, and local totp) * All people should be respected and able to be respresented securely.
* CLI for admin * Devices represent users and their identities - they are part of the authentication.
* Human error occurs - we should be designed to minimise human mistakes and empower people.
* The system should be easy to understand and reason about for users and admins.
## Quick start
Details to come ...
## Implemented/Planned features
* RBAC design
* SSH key distribution for servers
* Pam/nsswitch clients (with limited offline auth)
* Sudo rule distribution via nsswitch
* CLI and WebUI for administration
* OIDC/Oauth * OIDC/Oauth
* SSH key distribution * Claims (limited by time and credential scope)
* MFA (TOTP) * MFA (Webauthn, TOTP)
* In memory read cache (cow) * Highly concurrent desgin (MVCC, COW)
* backup/restore * Replication (async multiple active write servers, read only servers)
## Planned features
* Replicated database backend (389-ds, couchdb, or custom repl proto)
* SAML
* Read Only Replicas
* Certificate distribution?
* Web UI for admin
* Account impersonation * Account impersonation
* Webauthn * RADIUS integration
* Sudo rule distribution via nsswitch? * Self service UI with wifi enrollment, claim management and more.
* Synchronisation to other IDM services
## Features we want to avoid ## Features we want to avoid
* Audit: This is better solved by ... * Auditing: This is better solved by SIEM software, so we should generate data they can consume.
* Fully synchronous behaviour: ... * Fully synchronous behaviour: This is slow.
* Generic database: ... (max db size etc) * Generic database: We don't want to be another NoSQL database, we want to be an IDM solution.
* Being LDAP: ... * Being LDAP/GSSAPI/Kerberos: These are all legacy protocols that are hard to use and confine our thinking - we should avoid "being like them".
* GSSAPI/Kerberos
## More?
## Get involved ## Get involved
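Review bot: The new "## Implemented/Planned features" heading merges the old "MVP features" and "Planned features" lists, so a reader can no longer tell which of the security-relevant items (MFA with Webauthn/TOTP, claims limited by time and credential scope, replication, RADIUS integration) exist today and which are only intended. Since the intro added in the same hunk says no fully functional release is expected before early 2020, consider marking each bullet as implemented or planned, or keeping two lists. In the same section, "backup/restore", "SAML" and "Certificate distribution?" from the old lists do not appear among the visible new lines; if they were dropped on purpose, the commit message should say so. Two typos in added lines: "respresented" in "## Some key ideas" should be "represented", and "desgin" in "Highly concurrent desgin (MVCC, COW)" should be "design".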