The current release of didmos2-demo is v2.2.0, which consists of the following versions of the individual modules:
|Integrated in didmos2-demo|
|Not integrated in didmos2-demo|
|Not yet updated to didmos2|
Features currently in development
The following features are currently in development and are expected to become part of didmos2-demo in the next release, v2.3.0.
Currently there is no planned release date for didmos2-demo v2.3.0.
Centralized configuration management ("config server")
DAASI International plans to centralise a large part of the configuration of each module in a config server app, which will be part of didmos2-core. For example, this will allow configuration of password policies, attributes and language settings for all modules at a single point.
Integration of didmos Provisioner in didmos2-demo
The didmos module Provisioner is already updated to a new didmos2 version, but currently not fully integrated in the didmos2-demo. It can, however, already be used in individual projects.
In this task, all components of the new Provisioner are integrated in didmos2-demo. This includes making the components available in the development environment, pipelines and deployment examples.
LDAP/AD-Connector for didmos Provisioner
In this task, the existing LDAP and AD connectors from the didmos1 framework are migrated to be compatible with the didmos2 version of the module.
Management of roles in didmos LUI (admin tool)
The didmos LUI admin tool already allows management of group memberships. In this task this functionality is extended to also work for role memberships. Administrators will be able to add and modify role memberships in the user objects.
The following features are planned, but development has not yet started. The date of release of these features is not yet fixed.
Advanced OAuth2 capabilities for didmos Authenticator
didmos Authenticator is already a very capable tool for SSO solutions in web-based scenarios. We plan to extend these capabilities by adding more OAuth2 features, such as the client credentials grant flow, token introspection and more fine-grained access control.
Refactoring of frameworks used in didmos Authenticator
Currently, didmos Authenticator uses the Django framework to enable certain browser-facing capabilities, such as the login page. This allows us to leverage built-in features, for example for multi-language support. However, the Django framework has a rather large footprint and we only use a fraction of its features. We're planning to redesign these parts of didmos Authenticator and reduce the number of third-party dependencies.
LDAP browser in didmos LUI
We're planning to add a comprehensive and easy-to-use browser for the LDAP directory to didmos LUI. This browser could be used in various scenarios in the future and, for instance, would also lay the foundation for displaying breadcrumbs in didmos LUI.
Advanced group management in didmos LUI
Administrators can already manage groups (create new groups and modify existing groups) and memberships (add users to groups or modify existing memberships). It is also possible to declare groups as "open" or "subscribable", so that users can automatically join groups or request access.
We are planning to allow more fine-grained management of these permissions, so that the operations users are permitted to perform can be controlled based on roles or other parameters.
Another planned addition is to allow for hierarchical group management, i.e. subgroups.
Advanced multi tenancy in all modules
The didmos framework already has baseline functionality for multi tenancy in some modules, such as the PDP app in didmos Core and the structure of the metadirectory.
In a future version these capabilities will be extended to allow management of multi tenancy use cases in didmos LUI. Such an upgrade will also introduce multi tenancy in other modules, such as didmos Authenticator.
Account linking in didmos Authenticator & LUI
Account linking allows two or more different authentication methods to be combined so that they map to one and the same internal account in didmos. For example, this would allow a didmos user who has registered manually to link a social ID (such as Facebook) to the account and subsequently log in using this Facebook ID.
Management of Policy Decision Point (PDP) in didmos LUI
didmos Core already offers a comprehensive implementation of the RBAC standard as part of the didmos Decision Point app. This allows the built-in role management functionality in didmos to be used for expressing permissions to use certain resources. External services can then query the Decision Point for access decisions ("Is user X allowed to do Y on resource Z?"). Currently, these rules can be managed using a REST API.
DAASI International is planning to integrate management of the Decision Point into the didmos LUI module, so that an administrator can use the GUI application for management of roles, resources and permissions.
Upgrade of didmos ETL
In a future version, the didmos ETL module will be upgraded to better match the didmos2 framework. This upgrade includes writing changes via the didmos Core API instead of directly to the metadirectory.