Keycloak proposal for submission to CNCF #405
Conversation
|
SIG Security Assesment Request: cncf/tag-security#372 |
minor fixes and improvements
bdaw
changed the title
|
Welcome back! Is this for sandbox or incubation? |
|
@amye it is Sandbox. I believe it is a matured enough project to match Incubation. Although from past experience would prefer to avoid this aspect derailing the discussion and create doubts on criteria to apply. Although if there is guidance and support from TOC that Incubation would be better fit would be happy to discuss and adjust. |
|
I would like to group and quote all more comprehensive comments made under specific company names in #406 "We at Bosch use Keycloak as an identity and access management system. We provide dedicated Keycloak instances internally as an SaaS offering with dozens of instances already running supporting a wide range of customer requirements. "We at Zalando (CNCF End User Supporter) are using Keycloak across some departments, with lots of extensions to support our cases. We deploy it via Kubernetes, and we see that having Keycloak joining CNCF would be a great step for the project, which could leverage being close to all the graduated systems from CNCF, receiving support and resources from the experts that manage to accomplish those graduations." "We use Keycloak in Cisco IT. It is the main component of the CIAM implementation we have. We chose Keycloak because of its vibrant and helpful community. "Backbase use Keycloak at the heart of our IAM solution for many Banks, Credit Unions and other FIs globally, and normally deploys it on Kubernetes in a cloud-based environment. The community around Keycloak is also well established, friendly, active and helpful, and we are proud to have contributed back to Keycloak. The Keycloak core team are open to contribution and have a mature process for managing this. We think Keycloak is a great fit for the CNCF and is an important and mature part of the open source IAM space." "+1 Super Supportive! We (Government of British Columbia) have been using KeyCloak in production for about 2years. It solved a major pain point for developers working with the various government identity providers. CNCF all the way." "We have been using Keycloak (RedHat SSO) for at least a couple of years if not longer, at Fresenius Medical Care North America IT Group. It's been very helpful for us to offer OAuth JWT based authentication to our applications as a facade to our legacy Access Management and Identify Management systems in the back end. I would like to see Keycload pick up more support, so that it can keep up or exceed industry leading solution." "In Cloudtrust (https://github.com/cloudtrust), we are intensively using Keycloak as the core component of our IdP. Our identity provider is offered in SaaS mode, and hosted on a multi-site OKD / OpenShift platform, with high availability as one of the main constraints. Deploying and managing Keycloak in this context is pretty easy, and extending the features in order to cover our specific business needs is really neat. "+1 for U.S Air Force." Hitachi : "+1 Keycloak is essential to secure API/microserivce by OAuth/OIDC on cloud. NTT Communications : Nomura Research Institute, Ltd. : |
|
Would also like to add few other publicly accessible websites which are using Keycloak OSS and we are aware of. AT&T: https://apimarket.att.com/auth/realms/att/account Sonatype: https://auth.sonatype.com/auth/ Hy-Vee: https://accounts.hy-vee.com/auth/ UK Home Office: Presentation of their use of Keycloak Telia: https://developer.telia.io/ Please Open It: https://please-open.it/ Landen: https://cloud-iam.landen.co/ Investopedia: https://www.investopedia.com/auth/realms/investopedia/ Blazemeter: https://auth.blazemeter.com/auth/realms/blazect/ Truck Assist: https://truckassist.com.au/auth/realms/truckassist Personal Genome: https://personalgenomes.ca/auth/realms/PGPCanada/ |
|
Here are two newly recorded videos giving quickest possible introduction to the project: Keycloak Pitch [1m 42s] Keycloak Introduction [32min 11s] |
|
@amye With recent changes being introduced into Sandbox process I would like to change the submission to be for Incubation. Sandbox in new form which is being introduced doesn't fit Keycloak which is already a mature and widely adopted project. At the same time I do believe Keycloak meets all of required Incubation criteria. |
|
@bdaw: As part of this process, you'll need to have a TOC sponsor for Due Diligence if you'd like to submit for incubation. We have Due Diligence guidelines and the Incubating Process page has more details for what needs to be included in the proposal if you'd like to change to incubation. |
|
@amye as I am away rest of the week will investigate any missing information in the submission regarding Incubation Process early next week. Is it responsibility of the project to establish a sponsor to perform DD for Incubation or one is assigned as part of the process? |
|
@bdaw - see https://github.com/cncf/toc/tree/master/process#project-graduation-process-sandbox-to-incubating. The project should ask for a sponsor from the TOC to move the project forward. |
|
@amye Just to clarify and double check:
|
No, you do need to have a TOC sponsor to move Due Diligence forward, and it's the responsibility of the projecs to find sponsors. However, to start the process, an incubation proposal is the first step. I'd suggest opening a new PR with the incubation focus instead of adding here. |
|
Closing as there's an incubation request in as well. |
Keycloak submitted to CNCF in 2018 although has been impacted by process changes and halt of intake of new projects. This to certain extend derailed previous submission.
Creating a new PR instead of reopening old one as template changed.
Quickest way to learn about the project:
What is worth highlighting in relation to previous discussions:
Old closed PR: #176