The current release of didmos2-demo is v2.2.0, it consists of the following versions of the individual modules:
| Integrated in didmos2-demo | ||
|---|---|---|
| Core | didmos2-core | v2.5.0 |
| didmos2-openldap | v2.5.0 | |
| LUI | didmos2-demo-frontend | v2.2.0 |
| Authenticator | didmos2-auth | v2.6.0 |
| didmos2-mongodb | v2.3.0 | |
| Not integrated in didmos2-demo | ||
| Provisioner | didmos2-ra | |
| didmos2-rabbitmq-worker | ||
| Not yet updated to didmos2 | ||
| ETL | ||
| Pwd Synchronizer | ||
Small bugs / issues with the most recent release are collected in Known Issues and not included in the Roadmap. |
The following features are currently in development and are expected to become part of didmos2-demo with the next release, v.2.3.0.
Currently, there is no planned release date for didmos2-demo v2.3.0.
DAASI International plans to centralise a large part of the configuration of each module in a config server app, which will be part of didmos2-core. For example, this will enable the configuration of password policies, attributes and language settings for all modules at a single point.
The didmos Provisioner is already upgraded to a new didmos2 version, but currently not fully integrated in the didmos2-demo. It can, however, already be used in individual projects.
In this task, all components of the new Provisioner are integrated in didmos2-demo. This will entail to include the components in the development environment, pipelines and deployment examples.
In this task the existing LDAP & AD-Connector from the didmos1 framework are migrated to be compatible with the didmos2 version of the module.
The didmos LUI admin tool already allows for the management of group memberships. In this task, this functionality is extended to manage role memberships as well. Administrators will be able to add and modify role memberships in the user objects.
The following features are planned, but development has not yet started. The release dates for these features are yet to be determined.
didmos Authenticator already is a very capable tool for SSO solutions in web-based scenarios. We plan to extend these capabilities by adding more OAuth2 features, such as the client credentials grant flow, token introspection and a more precisely callibrated access control.
Currently, didmos Authenticator uses the Django framework to display content,, such as the login page. Consequently, included features of the framework, i.e. multi language, can be used as well. However, the Django framework has a rather large footprint and we only use a fraction of the features. We are planning to redesign these parts of didmos Authenticator to reduce the extend of 3rd-party dependencies.
We're planning to add a comprehensive and easy-to-use browser for the LDAP directory into didmos LUI. This browser could be used in various scenarios in the future. Additionally, it could also serve as the foundation to enable displaying breadcrumbs in didmos LUI.
Administrators can already manage groups (create new groups and modify existing groups) and memberships (add users to groups or modify existing memberships). It is also possible to declare groups as "open" or "subscribable", so that users can automatically join groups or must request access beforehand.
We are planning to allow more finely tuned management of these permissions; for example, it will be possible to limit the use of parameters such as "open" or "subscribable" to certain user roles instead of setting them globally for all users.
Another planned addition is to allow for hierarchical group management, i.e. subgroups.
The didmos framework already has baseline multi-tenanacy-capabilities in some modules, e.g. the PDP app in didmos Core and the structure of the metadirectory.
In a future version these functions are going to be extended to allow management of multi-tenancy use cases in didmos LUI. This upgrade will also introduce multi tenancy in other modules, i.e. didmos Authenticator.
Account linking allows to combine two or more different authentication methods to reflect one and the same internal account in didmos. For example, this would allow didmos users, who have registered manually, to link a social ID (i.e. Facebook) to their didmos accoun. This way they would be able to login using this Facebook ID afterwards.
didmos Core already offers a comprehensive implementation of the RBAC standard as part of the didmos Decision Point app. This allows using the built-in role management functionality in didmos for expression permissions required for certain resources. External services can then query the Decision Point for access decisions ("Is user X allowed to do Y on resource Z?"). Currently, management of these rules can be done using a REST-API.
DAASI International is planning to integrate the management of the Decision Point into the didmos LUI module. Thus, administrators will be able to use the GUI application for role, resource, and permission management.
In a future version, the didmos ETL module will be upgraded to better match the didmos2 framework. This upgrade includes changes to be written using the didmos Core API instead of writing directly into the metadirectory.