You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Bruno SyncopeDev <sy...@gmail.com> on 2014/05/26 00:54:51 UTC
Benchmarks / Gap analysis between IAM products on the market
Hi,
Do you have any resources/numerics about the integration of Syncope for
clients ?
I'm also interested in load test results or even benchmarks.
What about the position of Syncope regarding others IAM solutions ?
OpenIDM, OIM (Oracle), SailPoint etc...
Is there somewhere a document that presents feature and technical gaps
between those different solutions ?
I'm trying to find arguments to focus on pros of Apache Syncope ?
Thks
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by SyncopeDev <sy...@gmail.com>.
Ok thanks. I'll ask for an ICLA very soon.
Yes, you're right. I'd like to move on the dev@ side.
First, I'll try to propose my ideas on JIRA. It will be a good training
also.
Then, we will see.
I'll need time to read the code of the project to scale the code rules
and its phylosophy/design.
Le 29/05/2014 10:12, Francesco Chicchiriccò a écrit :
> On 28/05/2014 22:47, SyncopeDev wrote:
>> Ok, I have created my id : "syncopedev".
>> I have to take a look at the wiki.
>> I understand you need help specially on documentation. No problem, I
>> can try even if my english is not so good.
>
> Before any contribution, please take a look at
>
> http://syncope.apache.org/contributing.html
>
> and send an ICLA (this weird acronym should look more familiar once
> read the page above).
>
> Helping with documentation is heavily appreciated and should be a
> good way for you to get familiar with Syncope.
>
>> Could you give the url that point on the JIRA Syncope Project please ?
>
> Sure: https://issues.apache.org/jira/browse/SYNCOPE
>
>> And then, I'll document my use cases with the 4 points you focus on.
>>
>> Finally, what do you mean by "discussion to @dev" ? Sorry I'm a rookie.
>
> No problem; you had to subscribe to user@syncope.apache.org before
> posting here, right?
> Now you need to also subscribe to dev@syncope.apache.org and we will
> be discussing such topics there.
>
> This because user@ is targeted to support people using Syncope, while
> dev@ is targeted to support developers contributing to Syncope (and it
> looks you want to move to this side).
>
> HTH
> Regards.
>
>> Le 28/05/2014 10:21, Francesco Chicchiriccò a écrit :
>>> On 27/05/2014 17:23, Bruno SyncopeDev wrote:
>>>> [...]
>>>> Do you think you could be interested in proposals about developing
>>>> third party applications as part of Syncope with new functionnalities ?
>>>
>>> Ah ok, now I got it: do you mean building specialized Syncope-based
>>> solutions for targeting specific use cases? Great idea.
>>>
>>>> Examples :
>>>> -> Implementing security perimeter
>>>> A security administrator is managing a perimeter. He is responsible
>>>> of users in this perimeter.
>>>> -> Recertification of identities and access roles.
>>>
>>> It could be the case to start collecting some of these use cases in
>>> our wiki: please create an account at
>>>
>>> http://cwiki.apache.org/confluence/display/SYNCOPE/
>>>
>>> and then tell me your id so that I can grant you the write permission.
>>>
>>> IMO, for each use case we should be able to provide at least:
>>>
>>> 1. high level description
>>>
>>> 2. detailed requirements
>>>
>>> 3. possible implementation with reference to current and / or
>>> missing Syncope features
>>>
>>> then finally generate a set of correspondent JIRA issues, to be
>>> mapped to one of future releases in the roadmap.
>>>
>>>> Not sure to be very clear in my question. But I'm trying to
>>>> understand if Syncope will evolve in a way that non IT
>>>> administrator will have the capability to give and withdraw rights
>>>> without knowing the technical layer.
>>>> Like : I'm a bank agency manager. I'm responsible for security
>>>> administration for 5 persons. I allow a composed business role like
>>>> a package attached related to the function of the guy.
>>>>
>>>> Finally, I'm ready to help on syncope if you need.
>>>
>>> Oh, it's plenty of help we need here, ranging from our very poor and
>>> sparse documentation to actual features (see JIRA).
>>>
>>> Anyway, I'd say we need to move this discussion to dev@
>>>
>>> Regards.
>>>
>>>> 2014-05-27 8:51 GMT+02:00 Francesco Chicchiriccò
>>>> <ilgrosso@apache.org <ma...@apache.org>>:
>>>>
>>>> On 26/05/2014 20:40, Bruno SyncopeDev wrote:
>>>>> Hi Francisco,
>>>>
>>>> Hi Bruno,
>>>>
>>>>
>>>>> Thanks a lot for you reply. I read the nlight ressources on
>>>>> the subject a couple of months ago when I thought OpenIDM will
>>>>> still be OpenSource in right terms.
>>>>> Anyway, I seems there is another OpenSource project called
>>>>> MidPoint by Evolveum.
>>>>> I don't have any information about the stability of those
>>>>> business model : will they still be OpenSource ? etc...
>>>>
>>>> Eh eh eh, that's one of the reasons why Syncope is a project at
>>>> The Apache Software Foundation...
>>>>
>>>>
>>>>> But the support of this product must be expensive.
>>>>>
>>>>> Anyway, What surprising me, is the fact that there is no
>>>>> implementation on common business process proposed in Syncope.
>>>>> Maybe I'm wrong ?
>>>>> What if you propose some kind of business patterns as the
>>>>> Third party Applications ?
>>>>
>>>> Could you please indicate some samples?
>>>>
>>>>
>>>>> The provisioning system is something very technical. But each
>>>>> IAM solutions is shy to propose high level scenarios with
>>>>> delegated administrations or dynamic role base management.
>>>>> Isn't there a lack on this point ?
>>>>> What is your vision about that ?
>>>>
>>>> I am not sure we are talking of something that you can decently
>>>> generalize: in my experience, even though some reference
>>>> patterns are available, implementing a IAM solution is often
>>>> more a tailor attach on customer's infrastructure than a
>>>> general, repeatable and fully standardized process.
>>>>
>>>> Actually, this fact underlies most of the architectural choices
>>>> in Syncope, which is extensible and fully customizable by default.
>>>>
>>>> Regards.
>>>>
>>>>
>>>>> 2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò
>>>>> <ilgrosso@apache.org <ma...@apache.org>>:
>>>>>
>>>>> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>>>>>
>>>>> Hi,
>>>>>
>>>>> Do you have any resources/numerics about the
>>>>> integration of Syncope for clients ?
>>>>> I'm also interested in load test results or even
>>>>> benchmarks.
>>>>>
>>>>> What about the position of Syncope regarding others
>>>>> IAM solutions ?
>>>>> OpenIDM, OIM (Oracle), SailPoint etc...
>>>>> Is there somewhere a document that presents feature
>>>>> and technical gaps between those different solutions ?
>>>>>
>>>>> I'm trying to find arguments to focus on pros of
>>>>> Apache Syncope ?
>>>>>
>>>>>
>>>>> Hi Bruno,
>>>>> AFAIK the only reference for organizations that are using
>>>>> Apache Syncope in their environments is
>>>>>
>>>>> http://syncope.tirasa.net/success-stories.html
>>>>>
>>>>> e.g. a page on my company's support site for Apache Syncope.
>>>>>
>>>>> I know that some of such deployments are running with ~1
>>>>> million users, but I don't have any more insight.
>>>>>
>>>>>
>>>>> Some Apache Syncope key features are reported in
>>>>>
>>>>> http://syncope.apache.org/features.html
>>>>>
>>>>> but I agree it is very little detail in there.
>>>>>
>>>>>
>>>>> About comparison with other Open Source IAM solutions, I
>>>>> can only find
>>>>>
>>>>> http://www.nlight.eu/documents/open-source-idm/
>>>>>
>>>>> which provides some interesting points but is either quite
>>>>> outdated and also non-objective, being redacted by one of
>>>>> solutions' (MidPoint) author - as the disclaimer says.
>>>>>
>>>>>
>>>>> Generally speaking, some "fact sheets" including
>>>>> comparison with (at least) other Open Source IdM solutions
>>>>> could be highly desirable, but I don't see any
>>>>> availability for this in the short term.
>>>>>
>>>>> Naturally, should you ask my opinion, I am convinced that
>>>>> Apache Syncope is the most complete, scalable and
>>>>> feature-rich Open Source IdM out there, especially because
>>>>> it is probably the only one which is *actually* open.
>>>>>
>>>>> Regards.
>>>>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 28/05/2014 22:47, SyncopeDev wrote:
> Ok, I have created my id : "syncopedev".
> I have to take a look at the wiki.
> I understand you need help specially on documentation. No problem, I
> can try even if my english is not so good.
Before any contribution, please take a look at
http://syncope.apache.org/contributing.html
and send an ICLA (this weird acronym should look more familiar once read
the page above).
Helping with documentation is heavily appreciated and should be a good
way for you to get familiar with Syncope.
> Could you give the url that point on the JIRA Syncope Project please ?
Sure: https://issues.apache.org/jira/browse/SYNCOPE
> And then, I'll document my use cases with the 4 points you focus on.
>
> Finally, what do you mean by "discussion to @dev" ? Sorry I'm a rookie.
No problem; you had to subscribe to user@syncope.apache.org before
posting here, right?
Now you need to also subscribe to dev@syncope.apache.org and we will be
discussing such topics there.
This because user@ is targeted to support people using Syncope, while
dev@ is targeted to support developers contributing to Syncope (and it
looks you want to move to this side).
HTH
Regards.
> Le 28/05/2014 10:21, Francesco Chicchiriccò a écrit :
>> On 27/05/2014 17:23, Bruno SyncopeDev wrote:
>>> [...]
>>> Do you think you could be interested in proposals about developing
>>> third party applications as part of Syncope with new functionnalities ?
>>
>> Ah ok, now I got it: do you mean building specialized Syncope-based
>> solutions for targeting specific use cases? Great idea.
>>
>>> Examples :
>>> -> Implementing security perimeter
>>> A security administrator is managing a perimeter. He is responsible
>>> of users in this perimeter.
>>> -> Recertification of identities and access roles.
>>
>> It could be the case to start collecting some of these use cases in
>> our wiki: please create an account at
>>
>> http://cwiki.apache.org/confluence/display/SYNCOPE/
>>
>> and then tell me your id so that I can grant you the write permission.
>>
>> IMO, for each use case we should be able to provide at least:
>>
>> 1. high level description
>>
>> 2. detailed requirements
>>
>> 3. possible implementation with reference to current and / or missing
>> Syncope features
>>
>> then finally generate a set of correspondent JIRA issues, to be
>> mapped to one of future releases in the roadmap.
>>
>>> Not sure to be very clear in my question. But I'm trying to
>>> understand if Syncope will evolve in a way that non IT administrator
>>> will have the capability to give and withdraw rights without knowing
>>> the technical layer.
>>> Like : I'm a bank agency manager. I'm responsible for security
>>> administration for 5 persons. I allow a composed business role like
>>> a package attached related to the function of the guy.
>>>
>>> Finally, I'm ready to help on syncope if you need.
>>
>> Oh, it's plenty of help we need here, ranging from our very poor and
>> sparse documentation to actual features (see JIRA).
>>
>> Anyway, I'd say we need to move this discussion to dev@
>>
>> Regards.
>>
>>> 2014-05-27 8:51 GMT+02:00 Francesco Chicchiriccò
>>> <ilgrosso@apache.org <ma...@apache.org>>:
>>>
>>> On 26/05/2014 20:40, Bruno SyncopeDev wrote:
>>>> Hi Francisco,
>>>
>>> Hi Bruno,
>>>
>>>
>>>> Thanks a lot for you reply. I read the nlight ressources on the
>>>> subject a couple of months ago when I thought OpenIDM will
>>>> still be OpenSource in right terms.
>>>> Anyway, I seems there is another OpenSource project called
>>>> MidPoint by Evolveum.
>>>> I don't have any information about the stability of those
>>>> business model : will they still be OpenSource ? etc...
>>>
>>> Eh eh eh, that's one of the reasons why Syncope is a project at
>>> The Apache Software Foundation...
>>>
>>>
>>>> But the support of this product must be expensive.
>>>>
>>>> Anyway, What surprising me, is the fact that there is no
>>>> implementation on common business process proposed in Syncope.
>>>> Maybe I'm wrong ?
>>>> What if you propose some kind of business patterns as the Third
>>>> party Applications ?
>>>
>>> Could you please indicate some samples?
>>>
>>>
>>>> The provisioning system is something very technical. But each
>>>> IAM solutions is shy to propose high level scenarios with
>>>> delegated administrations or dynamic role base management.
>>>> Isn't there a lack on this point ?
>>>> What is your vision about that ?
>>>
>>> I am not sure we are talking of something that you can decently
>>> generalize: in my experience, even though some reference
>>> patterns are available, implementing a IAM solution is often
>>> more a tailor attach on customer's infrastructure than a
>>> general, repeatable and fully standardized process.
>>>
>>> Actually, this fact underlies most of the architectural choices
>>> in Syncope, which is extensible and fully customizable by default.
>>>
>>> Regards.
>>>
>>>
>>>> 2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò
>>>> <ilgrosso@apache.org <ma...@apache.org>>:
>>>>
>>>> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>>>>
>>>> Hi,
>>>>
>>>> Do you have any resources/numerics about the
>>>> integration of Syncope for clients ?
>>>> I'm also interested in load test results or even
>>>> benchmarks.
>>>>
>>>> What about the position of Syncope regarding others IAM
>>>> solutions ?
>>>> OpenIDM, OIM (Oracle), SailPoint etc...
>>>> Is there somewhere a document that presents feature and
>>>> technical gaps between those different solutions ?
>>>>
>>>> I'm trying to find arguments to focus on pros of Apache
>>>> Syncope ?
>>>>
>>>>
>>>> Hi Bruno,
>>>> AFAIK the only reference for organizations that are using
>>>> Apache Syncope in their environments is
>>>>
>>>> http://syncope.tirasa.net/success-stories.html
>>>>
>>>> e.g. a page on my company's support site for Apache Syncope.
>>>>
>>>> I know that some of such deployments are running with ~1
>>>> million users, but I don't have any more insight.
>>>>
>>>>
>>>> Some Apache Syncope key features are reported in
>>>>
>>>> http://syncope.apache.org/features.html
>>>>
>>>> but I agree it is very little detail in there.
>>>>
>>>>
>>>> About comparison with other Open Source IAM solutions, I
>>>> can only find
>>>>
>>>> http://www.nlight.eu/documents/open-source-idm/
>>>>
>>>> which provides some interesting points but is either quite
>>>> outdated and also non-objective, being redacted by one of
>>>> solutions' (MidPoint) author - as the disclaimer says.
>>>>
>>>>
>>>> Generally speaking, some "fact sheets" including comparison
>>>> with (at least) other Open Source IdM solutions could be
>>>> highly desirable, but I don't see any availability for this
>>>> in the short term.
>>>>
>>>> Naturally, should you ask my opinion, I am convinced that
>>>> Apache Syncope is the most complete, scalable and
>>>> feature-rich Open Source IdM out there, especially because
>>>> it is probably the only one which is *actually* open.
>>>>
>>>> Regards.
>>>>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by SyncopeDev <sy...@gmail.com>.
Ok, I have created my id : "syncopedev".
I have to take a look at the wiki.
I understand you need help specially on documentation. No problem, I can
try even if my english is not so good.
Could you give the url that point on the JIRA Syncope Project please ?
And then, I'll document my use cases with the 4 points you focus on.
Finally, what do you mean by "discussion to @dev" ? Sorry I'm a rookie.
Le 28/05/2014 10:21, Francesco Chicchiriccò a écrit :
> On 27/05/2014 17:23, Bruno SyncopeDev wrote:
>> [...]
>> Do you think you could be interested in proposals about developing
>> third party applications as part of Syncope with new functionnalities ?
>
> Ah ok, now I got it: do you mean building specialized Syncope-based
> solutions for targeting specific use cases? Great idea.
>
>> Examples :
>> -> Implementing security perimeter
>> A security administrator is managing a perimeter. He is responsible
>> of users in this perimeter.
>> -> Recertification of identities and access roles.
>
> It could be the case to start collecting some of these use cases in
> our wiki: please create an account at
>
> http://cwiki.apache.org/confluence/display/SYNCOPE/
>
> and then tell me your id so that I can grant you the write permission.
>
> IMO, for each use case we should be able to provide at least:
>
> 1. high level description
>
> 2. detailed requirements
>
> 3. possible implementation with reference to current and / or missing
> Syncope features
>
> then finally generate a set of correspondent JIRA issues, to be mapped
> to one of future releases in the roadmap.
>
>> Not sure to be very clear in my question. But I'm trying to
>> understand if Syncope will evolve in a way that non IT administrator
>> will have the capability to give and withdraw rights without knowing
>> the technical layer.
>> Like : I'm a bank agency manager. I'm responsible for security
>> administration for 5 persons. I allow a composed business role like a
>> package attached related to the function of the guy.
>>
>> Finally, I'm ready to help on syncope if you need.
>
> Oh, it's plenty of help we need here, ranging from our very poor and
> sparse documentation to actual features (see JIRA).
>
> Anyway, I'd say we need to move this discussion to dev@
>
> Regards.
>
>> 2014-05-27 8:51 GMT+02:00 Francesco Chicchiriccò <ilgrosso@apache.org
>> <ma...@apache.org>>:
>>
>> On 26/05/2014 20:40, Bruno SyncopeDev wrote:
>>> Hi Francisco,
>>
>> Hi Bruno,
>>
>>
>>> Thanks a lot for you reply. I read the nlight ressources on the
>>> subject a couple of months ago when I thought OpenIDM will still
>>> be OpenSource in right terms.
>>> Anyway, I seems there is another OpenSource project called
>>> MidPoint by Evolveum.
>>> I don't have any information about the stability of those
>>> business model : will they still be OpenSource ? etc...
>>
>> Eh eh eh, that's one of the reasons why Syncope is a project at
>> The Apache Software Foundation...
>>
>>
>>> But the support of this product must be expensive.
>>>
>>> Anyway, What surprising me, is the fact that there is no
>>> implementation on common business process proposed in Syncope.
>>> Maybe I'm wrong ?
>>> What if you propose some kind of business patterns as the Third
>>> party Applications ?
>>
>> Could you please indicate some samples?
>>
>>
>>> The provisioning system is something very technical. But each
>>> IAM solutions is shy to propose high level scenarios with
>>> delegated administrations or dynamic role base management.
>>> Isn't there a lack on this point ?
>>> What is your vision about that ?
>>
>> I am not sure we are talking of something that you can decently
>> generalize: in my experience, even though some reference patterns
>> are available, implementing a IAM solution is often more a tailor
>> attach on customer's infrastructure than a general, repeatable
>> and fully standardized process.
>>
>> Actually, this fact underlies most of the architectural choices
>> in Syncope, which is extensible and fully customizable by default.
>>
>> Regards.
>>
>>
>>> 2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò
>>> <ilgrosso@apache.org <ma...@apache.org>>:
>>>
>>> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>>>
>>> Hi,
>>>
>>> Do you have any resources/numerics about the integration
>>> of Syncope for clients ?
>>> I'm also interested in load test results or even benchmarks.
>>>
>>> What about the position of Syncope regarding others IAM
>>> solutions ?
>>> OpenIDM, OIM (Oracle), SailPoint etc...
>>> Is there somewhere a document that presents feature and
>>> technical gaps between those different solutions ?
>>>
>>> I'm trying to find arguments to focus on pros of Apache
>>> Syncope ?
>>>
>>>
>>> Hi Bruno,
>>> AFAIK the only reference for organizations that are using
>>> Apache Syncope in their environments is
>>>
>>> http://syncope.tirasa.net/success-stories.html
>>>
>>> e.g. a page on my company's support site for Apache Syncope.
>>>
>>> I know that some of such deployments are running with ~1
>>> million users, but I don't have any more insight.
>>>
>>>
>>> Some Apache Syncope key features are reported in
>>>
>>> http://syncope.apache.org/features.html
>>>
>>> but I agree it is very little detail in there.
>>>
>>>
>>> About comparison with other Open Source IAM solutions, I can
>>> only find
>>>
>>> http://www.nlight.eu/documents/open-source-idm/
>>>
>>> which provides some interesting points but is either quite
>>> outdated and also non-objective, being redacted by one of
>>> solutions' (MidPoint) author - as the disclaimer says.
>>>
>>>
>>> Generally speaking, some "fact sheets" including comparison
>>> with (at least) other Open Source IdM solutions could be
>>> highly desirable, but I don't see any availability for this
>>> in the short term.
>>>
>>> Naturally, should you ask my opinion, I am convinced that
>>> Apache Syncope is the most complete, scalable and
>>> feature-rich Open Source IdM out there, especially because
>>> it is probably the only one which is *actually* open.
>>>
>>> Regards.
>>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 27/05/2014 17:23, Bruno SyncopeDev wrote:
> [...]
> Do you think you could be interested in proposals about developing
> third party applications as part of Syncope with new functionnalities ?
Ah ok, now I got it: do you mean building specialized Syncope-based
solutions for targeting specific use cases? Great idea.
> Examples :
> -> Implementing security perimeter
> A security administrator is managing a perimeter. He is responsible of
> users in this perimeter.
> -> Recertification of identities and access roles.
It could be the case to start collecting some of these use cases in our
wiki: please create an account at
http://cwiki.apache.org/confluence/display/SYNCOPE/
and then tell me your id so that I can grant you the write permission.
IMO, for each use case we should be able to provide at least:
1. high level description
2. detailed requirements
3. possible implementation with reference to current and / or missing
Syncope features
then finally generate a set of correspondent JIRA issues, to be mapped
to one of future releases in the roadmap.
> Not sure to be very clear in my question. But I'm trying to understand
> if Syncope will evolve in a way that non IT administrator will have
> the capability to give and withdraw rights without knowing the
> technical layer.
> Like : I'm a bank agency manager. I'm responsible for security
> administration for 5 persons. I allow a composed business role like a
> package attached related to the function of the guy.
>
> Finally, I'm ready to help on syncope if you need.
Oh, it's plenty of help we need here, ranging from our very poor and
sparse documentation to actual features (see JIRA).
Anyway, I'd say we need to move this discussion to dev@
Regards.
> 2014-05-27 8:51 GMT+02:00 Francesco Chicchiriccò <ilgrosso@apache.org
> <ma...@apache.org>>:
>
> On 26/05/2014 20:40, Bruno SyncopeDev wrote:
>> Hi Francisco,
>
> Hi Bruno,
>
>
>> Thanks a lot for you reply. I read the nlight ressources on the
>> subject a couple of months ago when I thought OpenIDM will still
>> be OpenSource in right terms.
>> Anyway, I seems there is another OpenSource project called
>> MidPoint by Evolveum.
>> I don't have any information about the stability of those
>> business model : will they still be OpenSource ? etc...
>
> Eh eh eh, that's one of the reasons why Syncope is a project at
> The Apache Software Foundation...
>
>
>> But the support of this product must be expensive.
>>
>> Anyway, What surprising me, is the fact that there is no
>> implementation on common business process proposed in Syncope.
>> Maybe I'm wrong ?
>> What if you propose some kind of business patterns as the Third
>> party Applications ?
>
> Could you please indicate some samples?
>
>
>> The provisioning system is something very technical. But each IAM
>> solutions is shy to propose high level scenarios with delegated
>> administrations or dynamic role base management.
>> Isn't there a lack on this point ?
>> What is your vision about that ?
>
> I am not sure we are talking of something that you can decently
> generalize: in my experience, even though some reference patterns
> are available, implementing a IAM solution is often more a tailor
> attach on customer's infrastructure than a general, repeatable and
> fully standardized process.
>
> Actually, this fact underlies most of the architectural choices in
> Syncope, which is extensible and fully customizable by default.
>
> Regards.
>
>
>> 2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò
>> <ilgrosso@apache.org <ma...@apache.org>>:
>>
>> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>>
>> Hi,
>>
>> Do you have any resources/numerics about the integration
>> of Syncope for clients ?
>> I'm also interested in load test results or even benchmarks.
>>
>> What about the position of Syncope regarding others IAM
>> solutions ?
>> OpenIDM, OIM (Oracle), SailPoint etc...
>> Is there somewhere a document that presents feature and
>> technical gaps between those different solutions ?
>>
>> I'm trying to find arguments to focus on pros of Apache
>> Syncope ?
>>
>>
>> Hi Bruno,
>> AFAIK the only reference for organizations that are using
>> Apache Syncope in their environments is
>>
>> http://syncope.tirasa.net/success-stories.html
>>
>> e.g. a page on my company's support site for Apache Syncope.
>>
>> I know that some of such deployments are running with ~1
>> million users, but I don't have any more insight.
>>
>>
>> Some Apache Syncope key features are reported in
>>
>> http://syncope.apache.org/features.html
>>
>> but I agree it is very little detail in there.
>>
>>
>> About comparison with other Open Source IAM solutions, I can
>> only find
>>
>> http://www.nlight.eu/documents/open-source-idm/
>>
>> which provides some interesting points but is either quite
>> outdated and also non-objective, being redacted by one of
>> solutions' (MidPoint) author - as the disclaimer says.
>>
>>
>> Generally speaking, some "fact sheets" including comparison
>> with (at least) other Open Source IdM solutions could be
>> highly desirable, but I don't see any availability for this
>> in the short term.
>>
>> Naturally, should you ask my opinion, I am convinced that
>> Apache Syncope is the most complete, scalable and
>> feature-rich Open Source IdM out there, especially because it
>> is probably the only one which is *actually* open.
>>
>> Regards.
>>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by Bruno SyncopeDev <sy...@gmail.com>.
Hi Francisco,
In fact, I'm looking for OpenSource products because I have finished a
project for a big company (I'm leaving tomorrow).
I didn't integrate a market solution, but I did it by myself.
I developped a complete provisionning solution with "realtime" connectors
(active waiting on events) with referential realtime replication and
aggregation computations.
I have developped this solution during 4 years.
This is now a huge infrastructure with 15 Java connectors (on DB, LDAP,
UNIX, SAP) and 120 Perl connectors (LDAP, CSV, TXT).
With modesty, my system has been audited by specialists, and, they said it
is very competitive on functionnal and technical aspects.
But, it has been developped in a final client way. Resuable but not so
much. Adaptable for sure !
I know all the defaults of my solution even if it's efficient.
That's why I'll looking for a well coded opens source solution.
Anyway, I'm trying to share my experience and learn on a cleaner and sexy
project as Syncope.
First, I decided to propose my implementation (refactoring) of my system in
OpenSource perspective.
But I think about it in a different way as I'm a OpenSource "Militant".
And I came to Syncope. So I'm really new to Syncope. Just started the
analysis.
The provisioning function in my company was not well known for end users.It
is just a technical part of our IAM.
And they use a high level abstraction of the system in Third Party
Applications.
An this pattern must be shared by a lot of big centralized companies and
administrations.
Do you think you could be interested in proposals about developing third
party applications as part of Syncope with new functionnalities ?
Examples :
-> Implementing security perimeter
A security administrator is managing a perimeter. He is responsible of
users in this perimeter.
-> Recertification of identities and access roles.
Not sure to be very clear in my question. But I'm trying to understand if
Syncope will evolve in a way that non IT administrator will have the
capability to give and withdraw rights without knowing the technical layer.
Like : I'm a bank agency manager. I'm responsible for security
administration for 5 persons. I allow a composed business role like a
package attached related to the function of the guy.
Finally, I'm ready to help on syncope if you need.
Regards,
Bruno
2014-05-27 8:51 GMT+02:00 Francesco Chicchiriccò <il...@apache.org>:
> On 26/05/2014 20:40, Bruno SyncopeDev wrote:
>
> Hi Francisco,
>
>
> Hi Bruno,
>
>
> Thanks a lot for you reply. I read the nlight ressources on the subject
> a couple of months ago when I thought OpenIDM will still be OpenSource in
> right terms.
> Anyway, I seems there is another OpenSource project called MidPoint by
> Evolveum.
> I don't have any information about the stability of those business model
> : will they still be OpenSource ? etc...
>
>
> Eh eh eh, that's one of the reasons why Syncope is a project at The Apache
> Software Foundation...
>
>
> But the support of this product must be expensive.
>
> Anyway, What surprising me, is the fact that there is no implementation
> on common business process proposed in Syncope. Maybe I'm wrong ?
> What if you propose some kind of business patterns as the Third party
> Applications ?
>
>
> Could you please indicate some samples?
>
>
> The provisioning system is something very technical. But each IAM
> solutions is shy to propose high level scenarios with delegated
> administrations or dynamic role base management.
> Isn't there a lack on this point ?
> What is your vision about that ?
>
>
> I am not sure we are talking of something that you can decently
> generalize: in my experience, even though some reference patterns are
> available, implementing a IAM solution is often more a tailor attach on
> customer's infrastructure than a general, repeatable and fully standardized
> process.
>
> Actually, this fact underlies most of the architectural choices in
> Syncope, which is extensible and fully customizable by default.
>
> Regards.
>
>
> 2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò <il...@apache.org>:
>
>> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>>
>>> Hi,
>>>
>>> Do you have any resources/numerics about the integration of Syncope for
>>> clients ?
>>> I'm also interested in load test results or even benchmarks.
>>>
>>> What about the position of Syncope regarding others IAM solutions ?
>>> OpenIDM, OIM (Oracle), SailPoint etc...
>>> Is there somewhere a document that presents feature and technical gaps
>>> between those different solutions ?
>>>
>>> I'm trying to find arguments to focus on pros of Apache Syncope ?
>>>
>>
>> Hi Bruno,
>> AFAIK the only reference for organizations that are using Apache Syncope
>> in their environments is
>>
>> http://syncope.tirasa.net/success-stories.html
>>
>> e.g. a page on my company's support site for Apache Syncope.
>>
>> I know that some of such deployments are running with ~1 million users,
>> but I don't have any more insight.
>>
>>
>> Some Apache Syncope key features are reported in
>>
>> http://syncope.apache.org/features.html
>>
>> but I agree it is very little detail in there.
>>
>>
>> About comparison with other Open Source IAM solutions, I can only find
>>
>> http://www.nlight.eu/documents/open-source-idm/
>>
>> which provides some interesting points but is either quite outdated and
>> also non-objective, being redacted by one of solutions' (MidPoint) author -
>> as the disclaimer says.
>>
>>
>> Generally speaking, some "fact sheets" including comparison with (at
>> least) other Open Source IdM solutions could be highly desirable, but I
>> don't see any availability for this in the short term.
>>
>> Naturally, should you ask my opinion, I am convinced that Apache Syncope
>> is the most complete, scalable and feature-rich Open Source IdM out there,
>> especially because it is probably the only one which is *actually* open.
>>
>> Regards.
>>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellencehttp://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMChttp://people.apache.org/~ilgrosso/
>
>
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 26/05/2014 20:40, Bruno SyncopeDev wrote:
> Hi Francisco,
Hi Bruno,
> Thanks a lot for you reply. I read the nlight ressources on the
> subject a couple of months ago when I thought OpenIDM will still be
> OpenSource in right terms.
> Anyway, I seems there is another OpenSource project called MidPoint by
> Evolveum.
> I don't have any information about the stability of those business
> model : will they still be OpenSource ? etc...
Eh eh eh, that's one of the reasons why Syncope is a project at The
Apache Software Foundation...
> But the support of this product must be expensive.
>
> Anyway, What surprising me, is the fact that there is no
> implementation on common business process proposed in Syncope. Maybe
> I'm wrong ?
> What if you propose some kind of business patterns as the Third party
> Applications ?
Could you please indicate some samples?
> The provisioning system is something very technical. But each IAM
> solutions is shy to propose high level scenarios with delegated
> administrations or dynamic role base management.
> Isn't there a lack on this point ?
> What is your vision about that ?
I am not sure we are talking of something that you can decently
generalize: in my experience, even though some reference patterns are
available, implementing a IAM solution is often more a tailor attach on
customer's infrastructure than a general, repeatable and fully
standardized process.
Actually, this fact underlies most of the architectural choices in
Syncope, which is extensible and fully customizable by default.
Regards.
> 2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò <ilgrosso@apache.org
> <ma...@apache.org>>:
>
> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>
> Hi,
>
> Do you have any resources/numerics about the integration of
> Syncope for clients ?
> I'm also interested in load test results or even benchmarks.
>
> What about the position of Syncope regarding others IAM
> solutions ?
> OpenIDM, OIM (Oracle), SailPoint etc...
> Is there somewhere a document that presents feature and
> technical gaps between those different solutions ?
>
> I'm trying to find arguments to focus on pros of Apache Syncope ?
>
>
> Hi Bruno,
> AFAIK the only reference for organizations that are using Apache
> Syncope in their environments is
>
> http://syncope.tirasa.net/success-stories.html
>
> e.g. a page on my company's support site for Apache Syncope.
>
> I know that some of such deployments are running with ~1 million
> users, but I don't have any more insight.
>
>
> Some Apache Syncope key features are reported in
>
> http://syncope.apache.org/features.html
>
> but I agree it is very little detail in there.
>
>
> About comparison with other Open Source IAM solutions, I can only find
>
> http://www.nlight.eu/documents/open-source-idm/
>
> which provides some interesting points but is either quite
> outdated and also non-objective, being redacted by one of
> solutions' (MidPoint) author - as the disclaimer says.
>
>
> Generally speaking, some "fact sheets" including comparison with
> (at least) other Open Source IdM solutions could be highly
> desirable, but I don't see any availability for this in the short
> term.
>
> Naturally, should you ask my opinion, I am convinced that Apache
> Syncope is the most complete, scalable and feature-rich Open
> Source IdM out there, especially because it is probably the only
> one which is *actually* open.
>
> Regards.
>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by Bruno SyncopeDev <sy...@gmail.com>.
Hi Francisco,
Thanks a lot for you reply. I read the nlight ressources on the subject a
couple of months ago when I thought OpenIDM will still be OpenSource in
right terms.
Anyway, I seems there is another OpenSource project called MidPoint by
Evolveum.
I don't have any information about the stability of those business model :
will they still be OpenSource ? etc...
But the support of this product must be expensive.
Anyway, What surprising me, is the fact that there is no implementation on
common business process proposed in Syncope. Maybe I'm wrong ?
What if you propose some kind of business patterns as the Third party
Applications ?
The provisioning system is something very technical. But each IAM solutions
is shy to propose high level scenarios with delegated administrations or
dynamic role base management.
Isn't there a lack on this point ?
What is your vision about that ?
Regards
Bruno
2014-05-26 9:38 GMT+02:00 Francesco Chicchiriccò <il...@apache.org>:
> On 26/05/2014 00:54, Bruno SyncopeDev wrote:
>
>> Hi,
>>
>> Do you have any resources/numerics about the integration of Syncope for
>> clients ?
>> I'm also interested in load test results or even benchmarks.
>>
>> What about the position of Syncope regarding others IAM solutions ?
>> OpenIDM, OIM (Oracle), SailPoint etc...
>> Is there somewhere a document that presents feature and technical gaps
>> between those different solutions ?
>>
>> I'm trying to find arguments to focus on pros of Apache Syncope ?
>>
>
> Hi Bruno,
> AFAIK the only reference for organizations that are using Apache Syncope
> in their environments is
>
> http://syncope.tirasa.net/success-stories.html
>
> e.g. a page on my company's support site for Apache Syncope.
>
> I know that some of such deployments are running with ~1 million users,
> but I don't have any more insight.
>
>
> Some Apache Syncope key features are reported in
>
> http://syncope.apache.org/features.html
>
> but I agree it is very little detail in there.
>
>
> About comparison with other Open Source IAM solutions, I can only find
>
> http://www.nlight.eu/documents/open-source-idm/
>
> which provides some interesting points but is either quite outdated and
> also non-objective, being redacted by one of solutions' (MidPoint) author -
> as the disclaimer says.
>
>
> Generally speaking, some "fact sheets" including comparison with (at
> least) other Open Source IdM solutions could be highly desirable, but I
> don't see any availability for this in the short term.
>
> Naturally, should you ask my opinion, I am convinced that Apache Syncope
> is the most complete, scalable and feature-rich Open Source IdM out there,
> especially because it is probably the only one which is *actually* open.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Involved at The Apache Software Foundation:
> member, Syncope PMC chair, Cocoon PMC, Olingo PMC
> http://people.apache.org/~ilgrosso/
>
>
Re: Benchmarks / Gap analysis between IAM products on the market
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 26/05/2014 00:54, Bruno SyncopeDev wrote:
> Hi,
>
> Do you have any resources/numerics about the integration of Syncope
> for clients ?
> I'm also interested in load test results or even benchmarks.
>
> What about the position of Syncope regarding others IAM solutions ?
> OpenIDM, OIM (Oracle), SailPoint etc...
> Is there somewhere a document that presents feature and technical gaps
> between those different solutions ?
>
> I'm trying to find arguments to focus on pros of Apache Syncope ?
Hi Bruno,
AFAIK the only reference for organizations that are using Apache Syncope
in their environments is
http://syncope.tirasa.net/success-stories.html
e.g. a page on my company's support site for Apache Syncope.
I know that some of such deployments are running with ~1 million users,
but I don't have any more insight.
Some Apache Syncope key features are reported in
http://syncope.apache.org/features.html
but I agree it is very little detail in there.
About comparison with other Open Source IAM solutions, I can only find
http://www.nlight.eu/documents/open-source-idm/
which provides some interesting points but is either quite outdated and
also non-objective, being redacted by one of solutions' (MidPoint)
author - as the disclaimer says.
Generally speaking, some "fact sheets" including comparison with (at
least) other Open Source IdM solutions could be highly desirable, but I
don't see any availability for this in the short term.
Naturally, should you ask my opinion, I am convinced that Apache Syncope
is the most complete, scalable and feature-rich Open Source IdM out
there, especially because it is probably the only one which is
*actually* open.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/