The current release of didmos2-demo is v2.2.0, which it consists of the following versions of the individual modules:
|Integrated in didmos2-demo|
|Not integrated in didmos2-demo|
|Not yet updated to didmos2|
The following features are currently in development and are expected to become part of didmos2-demo in with the next release, v.2.3.0.
Currently, there is no planned release date for didmos2-demo v2.3.0.
Centralised Configuration Management ("config server")
DAASI International plans to centralise a large part of the configuration of each module in a config server app, which will be part of didmos2-core. For example, this will allow enable the configuration of password policies, attributes and language settings for all modules at a single point.
Integration of didmos Provisioner in didmos2-demo
The didmos module Provisioner is already updated upgraded to a new didmos2 version, but currently not fully integrated in the didmos2-demo. It can, however, already be used in individual projects.
In this task, all components of the new Provisioner are integrated in didmos2-demo. This includes making will entail to include the components available in the development environment, pipelines and deployment examples.
In this task the existing LDAP & AD-Connector from the didmos1 framework are migrated to be compatible with the didmos2 version of the module.
Roles in didmos LUI (
The didmos LUI admin tool already allows for the management of group memberships. In this task, this functionality is extended to also work for manage role memberships as well. Administrators will be able to add and modify role memberships in the user objects.
The following features are planned, but development has not yet started. The date of release of dates for these features is not yet fixedare yet to be determined.
Capabilities for didmos Authenticator
didmos Authenticator already is a very capable tool for SSO solutions in web-based scenarios. We plan to extend these capabilities by adding more OAuth2 features, such as the client credentials grant flow, token introspection and a more fine grained precisely callibrated access control.
Frameworks Used in didmos Authenticator
Currently, didmos Authenticator uses the Django framework to enable certain browser-facing capabilities, such as the login page. This allows to leverage built-in features, for example for multi language. However, the Django framework has a rather large footprint and we only use a fraction of the features. We 're are planning to redesign these parts of didmos Authenticator and to reduce the amount extend of 3rd-party dependencies.
Browser in didmos LUI
We're planning to add a comprehensive and easy-to-use browser to the LDAP directory to didmos LUI. This browser could be used in various scenarios in the future and for instance would also build . Additionally, it could also serve as the foundation to allow enable displaying breadcrumbs in didmos LUI.
Group Management in didmos LUI
Administrators can already manage groups (create new groups and modify existing groups) and memberships (add users to groups or modify existing memberships). It is also possible to declare groups as "open" or "subscribable", so that users can automatically join groups or must request access beforehand.
We are planning to allow more fine grained finely tuned management of these permissions, such that the operations, that users are permitted to do, can be controlled based on roles or other parameters.
Another planned addition is to allow for hierarchical group management, i.e. subgroups.
Multi-Tenancy in All Modules
The didmos framework already has baseline functionality for multi-tenanacy-capabilities in some modules, such as e.g. the PDP app in didmos Core and the structure of the metadirectory.
In a future version these capabilities will functions are going to be extended to allow management of multi-tenancy use cases in didmos LUI. Such an This upgrade will also introduce multi tenancy in other modules, such as i.e. didmos Authenticator.
Linking in didmos Authenticator & LUI
Account linking allows to combine two or more different authentication methods to reflect one and the same internal account in didmos. This would for example allow a didmos user, which has For example, this would allow didmos users, who have registered manually, to link a social ID (such as i.e. Facebook) to the account and then subsequently their didmos accoun. This way they would be able to login using this Facebook ID afterwards.
Management of Policy Decision Point (PDP) in didmos LUI
didmos Core already offers a comprehensive implementation of the RBAC standard as part of the didmos Decision Point app. This allows to use using the built-in role management functionality in didmos for expression permissions to use required for certain resources. External services can then query the Decision Point for access decisions ("Is user X allowed to do Y on resource Z?"). Currently, management of these rules can be done using a REST-API.
DAASI International is planning to integrate the management of the Decision Point into the didmos LUI module, so that an administrator can administrators will be able to use the GUI application for management of roles, resources and permissions. role, resource, and permission management.
Upgrade of didmos ETL
In a future version, the didmos ETL module will be upgraded to better match the didmos2 framework. This upgrade includes writing changes via to be written using the didmos Core API instead of writing directly to into the metadirectory.