The current release of didmos2-demo is v2.2.0, it consists of the following versions of the individual modules:
|Integrated in didmos2-demo|
|Not integrated in didmos2-demo|
|Not yet updated to didmos2|
Features Currently in Development
The following features are currently in development and are expected to become part of didmos2-demo with the next release, v.2.3.0.
Currently, there is no planned release date for didmos2-demo v2.3.0.
Centralised Configuration Management ("config server")
DAASI International plans to centralise a large part of the configuration of each module in a config server app, which will be part of didmos2-core. For example, this will enable the configuration of password policies, attributes and language settings for all modules at a single point.
Integration of didmos Provisioner in didmos2-demo
The didmos Provisioner is already upgraded to a new didmos2 version, but currently not fully integrated in the didmos2-demo. It can, however, already be used in individual projects.
In this task, all components of the new Provisioner are integrated in didmos2-demo. This will entail to include the components in the development environment, pipelines and deployment examples.
LDAP/AD-Connector for didmos Provisioner
In this task the existing LDAP & AD-Connector from the didmos1 framework are migrated to be compatible with the didmos2 version of the module.
Management of Roles in didmos LUI (Admin Tool)
The didmos LUI admin tool already allows for the management of group memberships. In this task, this functionality is extended to manage role memberships as well. Administrators will be able to add and modify role memberships in the user objects.
The following features are planned, but development has not yet started. The release dates for these features are yet to be determined.
Advanced OAuth2 Capabilities for didmos Authenticator
didmos Authenticator already is a very capable tool for SSO solutions in web-based scenarios. We plan to extend these capabilities by adding more OAuth2 features, such as the client credentials grant flow, token introspection and a more precisely callibrated access control.
Refactoring of Frameworks Used in didmos Authenticator
Currently, didmos Authenticator uses the Django framework to enable certain browser-facing capabilities, such as the login page. This allows to leverage built-in features, for example for multi language. However, the Django framework has a rather large footprint and we only use a fraction of the features. We are planning to redesign these parts of didmos Authenticator to reduce the extend of 3rd-party dependencies.
LDAP Browser in didmos LUI
We're planning to add a comprehensive and easy-to-use browser to the LDAP directory to didmos LUI. This browser could be used in various scenarios in the future. Additionally, it could also serve as the foundation to enable displaying breadcrumbs in didmos LUI.
Advanced Group Management in didmos LUI
Administrators can already manage groups (create new groups and modify existing groups) and memberships (add users to groups or modify existing memberships). It is also possible to declare groups as "open" or "subscribable", so that users can automatically join groups or must request access beforehand.
We are planning to allow more finely tuned management of these permissions, such that the operations, that users are permitted to do, can be controlled based on roles or other parameters.
Another planned addition is to allow for hierarchical group management, i.e. subgroups.
Advanced Multi-Tenancy in All Modules
The didmos framework already has baseline multi-tenanacy-capabilities in some modules, e.g. the PDP app in didmos Core and the structure of the metadirectory.
In a future version these functions are going to be extended to allow management of multi-tenancy use cases in didmos LUI. This upgrade will also introduce multi tenancy in other modules, i.e. didmos Authenticator.
Account Linking in didmos Authenticator & LUI
Account linking allows to combine two or more different authentication methods to reflect one and the same internal account in didmos. For example, this would allow didmos users, who have registered manually, to link a social ID (i.e. Facebook) to their didmos accoun. This way they would be able to login using this Facebook ID afterwards.
Management of Policy Decision Point (PDP) in didmos LUI
didmos Core already offers a comprehensive implementation of the RBAC standard as part of the didmos Decision Point app. This allows using the built-in role management functionality in didmos for expression permissions required for certain resources. External services can then query the Decision Point for access decisions ("Is user X allowed to do Y on resource Z?"). Currently, management of these rules can be done using a REST-API.
DAASI International is planning to integrate the management of the Decision Point into the didmos LUI module, so administrators will be able to use the GUI application for role, resource, and permission management.
Upgrade of didmos ETL
In a future version, the didmos ETL module will be upgraded to better match the didmos2 framework. This upgrade includes changes to be written using the didmos Core API instead of writing directly into the metadirectory.