Firstyear
Add support for testkit to install a version, and then upgrade it to another version.
Implement key-domains, where a key-domain is responsible for signing task over a subset of elements within Kanidm. This might be an Oauth2rs, service accounts, user auth tokens, or more. Each...
Currently each service account gets its own JWT signing key. This was intended to prevent damage of key disclosure, but it generally just causes key lookup complexity and other issues....
The Oauth2 RFC is really confusing. And because of that I implemented some parts incorrectly - mostly around terminology. The concept of a *client* vs a *resource server* was so...
Some API elements in the v1 interface are internals that may change version to version. These should be moved to the internal.rs file, since this crate represents what we do/don't...
Currently the process to configure replication is quite involved, requiring exchanging of certificates manually. We should have a replication coordinator that can automatically distribute the certificates and generate replication topology...
I think we need to do a bit of an audit of our logging messages. Currently we have a bit of a mix of things, and that leads to great...
To support features like #1614 and #1553 we need to have machines in a trusted state that can request keys or cryptographic material on behalf of their users. This is...
Currently we depend on a number of pre-release webauthn features. We need webauthn-rs to release 0.5.0 so that we can avoid this https://github.com/kanidm/webauthn-rs/issues/386
To prevent key disclosure we should store keys in a HSM/PKCS11 module. If this is not available, then we should store keys in encrypted forms and decrypt as needed. This...