kanidm VS solid

Kanidm is a identity management platform with a ldap compatible interface, sso and more. It's still young, but the author works on the 389 ldap server at suse, so knows how to build a secure ldap alternative :)

Kanidm: A simple, secure and fast identity management platform\ (22 comments)

Here is the OAuth/OIDC issue: https://github.com/kanidm/kanidm/issues/278

They are talking here: https://github.com/kanidm/kanidm/pull/485 about being an IdP with support for OIDC, so once that is implemented you could probably federate to Keycloak (or any other compliant IdP).

Might be worth filing an issue, I'm sure they'd love the feedback.

Interesting that they are choosing to provide an integrated solution including user management and OAuth IdP ( https://github.com/kanidm/kanidm/pull/485 ) rather than plug into existing open source or even commercial offerings.

Here's a design doc about their OAuth choices: https://github.com/kanidm/kanidm/blob/master/designs/oauth.r...

It would seem simpler to go with the Ory approach of "best in breed" for, say network management tooling (most of which they already have implemented), and then integrate with Keycloak, Okta, FusionAuth, the Ory suite, etc for user management. Maybe they didn't want to do that because there are synergies with integrated user management? I dunno, seems like there are a lot of user management tools out there.

I also find it interesting that they explicitly disallow a goal of building a better LDAP server. I think there's a lot of room to run in that. My employer has had users show a fair bit of interest in a modern experience with LDAP layered on top ( https://github.com/FusionAuth/fusionauth-issues/issues/954 ) and I talked to someone at a conference that had built a whole business out of virtual LDAP: https://www.radiantlogic.com . They were working with companies with multiple LDAP based auth systems, and providing a way to have apps see one view of the user.

Maybe kanidm isn't that project, but it seems like a modern OSS LDAP implementation would be welcomed by the software community.

Disclosure: I work at FusionAuth.

Kanidm, it might not sound as fun or exciting but this sound engineering driven by exceptional people. Similarly, concread.

saml-rs, creating a SAML IdP in rust, kind of spun out of trying to do it for Kanidm.

And now they employ one of the lead 389 Directory Server developers (now the default in SUSE instead of OpenLDAP which is is still available but is going to be depreciated). The same person is also the lead developer of Kandim, a new beta IDM that looks really promising (but is likely quite some time from being ready for enterprise production).

This doesn't support the various consumer cloud storage APIs, but you've just reminded me of a project I ran into years ago that seems to still be around: https://remotestorage.io/

There's also Solid which attempts to do something similar: https://solidproject.org/

Solid is a web native protocol to enable interoperable, read-write, collaborative, and decentralized web, truer to web's original vision.

Manas project(https://github.com/manomayam/manas/tree/main) aims to create a modular framework and ecosystem to create correct, robust storage servers adhering to Solid protocol in rust.

[Solid](https://solidproject.org/) is a web native protocol to enable interoperable, read-write, collaborative, and decentralized web, truer to web's original vision.

    Solid adds to existing Web standards to realise a space where individuals can maintain their autonomy, control their data and privacy, and choose applications and services to fulfil their needs.

Tim Berners-Lee's Solid project is working on that. Put data in "pods" that are stored on pod servers, which are federated. You can self-host.

It could be a federated layer of identity & personal content decoupled from social platforms.

https://solidproject.org/

Check out https://solidproject.org (If you want a short intro I recently gave a ~30min talk about it: https://noeldemartin.com/fosdem)

I haven't tried, but SOLID pods would probably do the trick. https://solidproject.org/

I wanted to start a discussion about the Solid standard (https://solidproject.org/) and the apps built on top of it. Solid is a technology developed by Sir Tim Berners-Lee, the creator of the World Wide Web, that aims to give users control over their personal data. It's based on the idea of "personal pods," where users store their data in a secure and private way, and can choose who has access to it.

This example was created for the specific needs of Web Storage, File and Solid Pod persistence, for a scaling representation of JSON application state.

Well, if you want a decentralised web without going down the snake-oil of blockchain stuff, then Tim-Berners Lee is actually working on a neat project y'all can get involved with today called the Solid Project!

If you're interested in a decentralised web, then Tim Berners-Lee is already part of an open-source crew making that possible without the blockchain over on the Solid Project - take a look and contribute if you're interested in that kind of thing!