Next steps / to-do list
- Implement Grafana dashboards.
- Specific web application for administrative use cases.
- Simple reporting use cases (expired objects etc.).
- Graph reporting of data structures in a zone.
Custom OpenID Connect Provider (OP) checking the login relationship of user and service based on aeSrvGroup - aeLoginGroups.
Python modules to evaluate:
- Identity Python module oidc-op, see also Example based on Flask
- Authlib, see also Example of OpenID Connect 1.0 Provider
- Issue X.509 server certs to aeHost, aeNwDevice, aeService or aeSrvGroup based on authorization of role Setup Admins (see also LDAPcon 2017 talk: X.509 PKI RA schema for Æ-DIR)
- Direct Ansible integration for server cert enrollment
- X.509 cert enrollment for aeUser with multi-factor authentication
- Remote CA keys (e.g. based on pyeleven and PyKCS11)
Network Access Control (NAC)
Support for RADIUS with dynamic RADIUS client configuration (see also NAC).
- Use PowerDNS to serve attributes as DNS RRs to augment regular DNS service:
- Use remote backend (preferably with DNSSEC) via pdns-remotebackend-python