List of supported features (#2499)

Co-authored-by: James Hodgkinson <james@terminaloutcomes.com>

book/src/SUMMARY.md

@@ -1,6 +1,7 @@
 # Kanidm
 
 - [Introduction to Kanidm](intro.md)
+- [Supported Features](features.md)
 
 - [Evaluation Quickstart](quickstart.md)
 

book/src/features.md

@@ -0,0 +1,71 @@
+# Supported Features
+
+This is a list of supported features and standards within Kanidm.
+
+# Authorisation
+
+- [Role Based Access Control](https://csrc.nist.gov/pubs/conference/1992/10/13/rolebased-access-controls/final)
+- [NIST Digital Identity Guidelines](https://csrc.nist.gov/pubs/sp/800/63/b/upd2/final)
+
+# Cryptography
+
+- Password Storage
+  - [RFC9106 - Argon2ID](https://datatracker.ietf.org/doc/rfc9106/)
+  - [TCG TPM Credential Binding (HMAC)](https://trustedcomputinggroup.org/resource/tpm-library-specification/)
+- [RFC6238 Time Based One Time Password](https://www.rfc-editor.org/rfc/rfc6238)
+- [RFC7519 JSON Web Token](https://www.rfc-editor.org/rfc/rfc7519)
+- [RFC7516 JSON Web Encryption](https://www.rfc-editor.org/rfc/rfc7516.html)
+
+# Data Import
+
+- [RFC4533 LDAP Content Synchronisation](https://datatracker.ietf.org/doc/html/rfc4533)
+  - [RFC4519 LDAP Schema](https://www.rfc-editor.org/rfc/rfc4519)
+  - FreeIPA User Schema
+- [RFC7644 SCIM Bulk Data Import](https://www.rfc-editor.org/rfc/rfc7644)
+
+# Database
+
+- [ACID Compliance](https://dl.acm.org/doi/10.1145/289.291)
+
+# LDAP
+
+- [RFC4511 LDAP (read-only)](https://www.rfc-editor.org/rfc/rfc4511)
+  - bind (simple)
+  - search
+  - filter
+  - whoami
+- LDAPS (LDAP over TLS)
+
+# OAuth2 / OpenID Connect
+
+- [RFC6749 OAuth 2.0 Authorisation Framework](https://www.rfc-editor.org/rfc/rfc6749)
+  - Authorisation Code Grant
+  - Client Credentials Grant
+  - RBAC scope mapping
+- [RFC6819 OAauth 2.0 Threat Model and Security Considerations](https://www.rfc-editor.org/rfc/rfc6819)
+- [RFC7009 Token Revocation](https://datatracker.ietf.org/doc/html/rfc7009)
+- [RFC7636 Proof Key for Code Exchange (SHA256 Only)](https://www.rfc-editor.org/rfc/rfc7636)
+- [RFC8414 OAuth 2.0 Authorisation Server Metadata](https://www.rfc-editor.org/rfc/rfc8414)
+- [OpenID Connect Core 1.0](https://openid.net/specs/openid-connect-core-1_0.html)
+  - RBAC claim and scope mapping
+  - PII scope claim requests
+  - ES256 id\_token signatures
+- [OpenID Connect Discovery 1.0](https://openid.net/specs/openid-connect-discovery-1_0.html)
+
+# RADIUS
+
+- [MSCHAPv2](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-chap/4740bf05-db7e-4542-998f-5a4478768438)
+- [EAP TLS (client certificate authentication)](https://wiki.freeradius.org/protocol/EAP#eap-sub-types_eap-tls)
+
+# Replication
+
+- [Strong Eventual Consistency](https://en.wikipedia.org/wiki/Eventual_consistency)
+
+# Unix Client
+
+- PAM/nsswitch client authentication
+
+# Webauthn
+
+- [Webauthn (level 3)](https://www.w3.org/TR/webauthn-3/)
+- [FIDO MDS Attestation](https://fidoalliance.org/metadata/)

book/src/intro.md

@@ -5,8 +5,7 @@ authentication and authorisation within a technical environment.
 
 The intent of the Kanidm project is to:
 
-- Provide a single truth source for accounts, groups and privileges.
+- Provide a single source of truth for authorisation and authentication.
-- Enable integrations to systems and services so they can trust Kanidm to authenticate accounts.
 - Make system, network, application and web authentication easy and accessible.
 - Secure and reliable by default, aiming for the highest levels of quality and stability.
 
@@ -32,7 +31,7 @@ example of how this looks:
 
 A key design goal is that you authenticate with your device in some manner, and then your device
 will continue to authenticate you in the future. Each of these different types of credentials, from
-SSH keys, application passwords, to RADIUS passwords and others, are "things your device knows" or
+SSH keys, application passwords, RADIUS passwords and others, are "things your device knows" or
 "things your device has". Each credential has limited capability and scope, and can only access that
 exact service or resource.