Product Roadmap

Updated 1H 2020

Near-Term

Re-architect the current product for the target audience and deploy in the cloud to provide core Identity functionality (on-prem/cloud/hybrid) targeting CIAM.

  • RESTful product APIs
    • Administrative APIs (used by the admin portal)
  • Admin Portal to be independently deployable and able to retheme
    • Develop as an SPA in React to consume the REST APIs
  • Login Portal to be independently deployable, able to retheme and work with the identity gateway
    • Develop as an SPA
    • Displays login options
  • Identity Gateway to be independently deployable
    • Works on the configuration built by product APIs
    • The module that loads configurations is itself configurable
    • Takes runtime traffic on login (SAML, OIDC, WS-Federation, CAS)
  • OAuth 2.0 Device profile
    • RFC 8628
  • Developer tooling
    • VS Code and Atom plugins to build adaptive authentication scripts and manage them with git
    • Login flow debugging with VS Code and Atom
    • Maven archetypes for all Identity Server extensions
  • Agents & SDKs
    • Go / Java / .NET / JS SDKs for all product APIs
    • Nginx agent
    • Apache agent
  • Reusable login sequences/flows
  • Identity Cloud deployment
    • Deployment strategy and artifacts
    • Tenant management and onboarding
    • Metering, Throttling & Billing
  • Hybrid-cloud offering for customers running applications on-prem
    • Identity Gateway and login portal deployed on prem
    • User portal / Admin portal / Product APIs running on the cloud
  • Make the product core stable, scalable and optimized to run on Kubernetes
    • Low image size
    • Low startup time
    • Low memory footprint
    • Independently scalable immutable distributions
    • Reduce the number and complexity of configuration files
    • Decouple data sources: Identity Data (user attributes, roles), Operational/Runtime Data (failed login data, access tokens), Configuration Data (SP, IdP)

Medium-Term

Expand CIAM ecosystem around Identity Server, by integrating and building technical partnerships with IAM vendors outside the access management segment.

  • Proxy-based federation support with the Gateway (App Gateway)
    • Will be part of the Identity Gateway
  • Be part of the Cloud Native Ecosystem
    • Script support policy evaluation in the login flow with OPA
    • Key rotation / management with SPIFFE / Istio
    • Integration with Jaeger/Zipkin and Grafana
  • Tight integration with a set of selected SaaS providers (AWS, Salesforce, Office 365, Ellucian, etc)
  • User experience improvements
    • Login flow builder + templates
    • Registration flow builder + templates
  • Integration with identity verification/proofing services
    • Evaluate available options and prioritize (Socure, ThreatMetrix, LexisNexis, ...)
  • Integration with 3rd party analytics (SIEM) products/services
    • Integration with Splunk
  • Integration with IGA, and PAM vendors

Future

  • Evaluate the integration options with 3rd party consent and preference management vendors: Consent Systems, Didomi, KnowNow Information, Tealium, TrustArc, etc
  • Evaluate the integration options with customer relationship management (CRM) systems (like Salesforce, Sugar CRM, Microsoft Dynamics, Net Suite CRM, etc)
  • Evaluate the integration options with marketing platforms/solutions (like Dataxu, Appboy, MailChimp, Google Analytics, Salesforce Pardot, etc)
  • Evaluate the integration options with e-commerce platforms (like Shopify, Magento, Oracle Micros, etc)
  • Evaluate the integration options with content management systems (like Microsoft SharePoint, Drupal, WordPress, Joomla, DotNetNuke, etc)
  • Evaluate the integration options with data management platforms (like Blueconic, DoubleClick, Lotame, Krux, etc)

Overview

Identity and access management is essential to every enterprise, largely revolving around enterprise security. Securing endpoints such as devices, people, and applications, ensuring that data from these endpoints is exchanged securely, and giving access to the right resources at the right time are key properties of identity and access management. With the rise of e-commerce and privacy compliance, businesses are turning towards enhancing customer experiences and are maturing from isolated IAM projects toward integrated solutions such as Customer IAM.

CIAM is a solution that evolves over time with new business requirements. Organizations need an agile, event-driven customer IAM platform that can adapt to meet both new business opportunities and new challenges. Each CIAM project is unique because every business is unique. The key goal of a CIAM solution is to drive business growth by leveraging customer identity data across multiple platforms and sources to acquire and retain customers.

Building CIAM solutions or working with CIAM tools has always been a developer’s task, focusing on storing identity data, managing or federating it, or consuming identity APIs while contributing to the identity ecosystem. Hence customer IAM solutions need to be more developer-friendly and include capabilities that further empower developers as a way to continuously adapt to novel customer and business needs.

WSO2 Identity Server helps organizations to build an agile, extensible CIAM solution to bring in better, seamless user experiences for their customers.

It’s an API driven, cloud-native, and open-source IAM solution that provides a developer-friendly platform to federate, authenticate and manage identities across both enterprise and cloud environments.

Vision

To simplify identity and empower developers to build seamless customer IAM solutions with API-driven agile open source IAM.

Disclaimer

The content herein is shared in order to outline some of our current product plans but it is important to understand that it is being shared for INFORMATIONAL PURPOSES ONLY, and not as a binding commitment, promise or legal obligation to deliver any material, code or functionality. Any references to the development, release and timing of any products, features or functionality remains at the sole discretion of WSO2. Product capabilities, timeframes and features are subject to change.