Choose IAM platform
The Identity and Access Management Platform we choose will be a core part of our users’ experience within a LoRes Region.
Selection is carried out in the context of our general section principles.
General Required Features
- Single Sign On that is compatible with Co-op Cloud Apps (e.g. OpenID)
- Assignment of apps to users
- Mobile-responsive design
LoRes Specific Requirements
- Needs to synchronise between all nodes in the region. We don’t expect this to happen out of the box, but we’d like a way to do this without forking an open source IAM product.
Nice to have
- Assignment of users to groups/organisations
- Custom landing page
- A good user sign-up experience
- Dark mode
Contenders
| | Rauthy | Kanidm | Authentik |
|---|---|---|---|
| Git | link | link | link |
| Website | link | link | link |
| Backend | Rust 🦀 | Rust 🦀 | Python 🐍 |
| Frontend | TypeScript & Svelte | Rust & server-side HTML | TypeScript & strangeness |
| CC Score | 0 | N/A | 0 |
| Low resource | ✅✅ | ✅ | ❓ |
Neighbourhood-first
Of all the apps on a LoRes Node, the IDM is one of the most important to keep in sync across all nodes. Here we examine what options exist for performing an eventually consistent sync over low bandwidth connections (e.g. Reticulum, LoRa, etc.) between the IDM product on each node, ideally using P2Panda.