Kanidm: A simple, secure and fast identity management platform

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • OPS - Build and Run Open Source Unikernels
  • Scout APM - Less time debugging, more time building
  • SonarLint - Deliver Cleaner and Safer Code - Right in Your IDE of Choice!
  • GitHub repo kanidm

    Kanidm: A simple, secure and fast identity management platform

    Interesting that they are choosing to provide an integrated solution including user management and OAuth IdP ( https://github.com/kanidm/kanidm/pull/485 ) rather than plug into existing open source or even commercial offerings.

    Here's a design doc about their OAuth choices: https://github.com/kanidm/kanidm/blob/master/designs/oauth.r...

    It would seem simpler to go with the Ory approach of "best in breed" for, say network management tooling (most of which they already have implemented), and then integrate with Keycloak, Okta, FusionAuth, the Ory suite, etc for user management. Maybe they didn't want to do that because there are synergies with integrated user management? I dunno, seems like there are a lot of user management tools out there.

    I also find it interesting that they explicitly disallow a goal of building a better LDAP server. I think there's a lot of room to run in that. My employer has had users show a fair bit of interest in a modern experience with LDAP layered on top ( https://github.com/FusionAuth/fusionauth-issues/issues/954 ) and I talked to someone at a conference that had built a whole business out of virtual LDAP: https://www.radiantlogic.com . They were working with companies with multiple LDAP based auth systems, and providing a way to have apps see one view of the user.

    Maybe kanidm isn't that project, but it seems like a modern OSS LDAP implementation would be welcomed by the software community.

    Disclosure: I work at FusionAuth.

  • GitHub repo kratos

    Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, profile management, identity schemas, social sign in, registration, account recovery, and IoT auth. Golang, headless, API-only - without templating or theming headaches. (by ory)

    Thank you for publishing this open source project! One question I have though - there are so many projects in this area popping up (eg. Ory‘s Kratos - https://github.com/ory/kratos) - isn’t there a way to collaborate on these larger projects instead of starting new ones? Or are there specific differences or reasons for rebuilding something like Kandim?

  • OPS

    OPS - Build and Run Open Source Unikernels. Quickly and easily build and deploy open source unikernels in tens of seconds. Deploy in any language to any cloud.

  • GitHub repo fusionauth-issues

    FusionAuth issue submission project

    Interesting that they are choosing to provide an integrated solution including user management and OAuth IdP ( https://github.com/kanidm/kanidm/pull/485 ) rather than plug into existing open source or even commercial offerings.

    Here's a design doc about their OAuth choices: https://github.com/kanidm/kanidm/blob/master/designs/oauth.r...

    It would seem simpler to go with the Ory approach of "best in breed" for, say network management tooling (most of which they already have implemented), and then integrate with Keycloak, Okta, FusionAuth, the Ory suite, etc for user management. Maybe they didn't want to do that because there are synergies with integrated user management? I dunno, seems like there are a lot of user management tools out there.

    I also find it interesting that they explicitly disallow a goal of building a better LDAP server. I think there's a lot of room to run in that. My employer has had users show a fair bit of interest in a modern experience with LDAP layered on top ( https://github.com/FusionAuth/fusionauth-issues/issues/954 ) and I talked to someone at a conference that had built a whole business out of virtual LDAP: https://www.radiantlogic.com . They were working with companies with multiple LDAP based auth systems, and providing a way to have apps see one view of the user.

    Maybe kanidm isn't that project, but it seems like a modern OSS LDAP implementation would be welcomed by the software community.

    Disclosure: I work at FusionAuth.

  • GitHub repo solid

    Solid - Re-decentralizing the web (project directory) (by solid)

    Making this a Solid Server or starting as a Solid IDP would be pretty valuable: https://solidproject.org/

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts