Next steps / to-do list

In no particular order...

  1. WebSSO
  2. X.509 PKI
  3. DevOps tooling
  4. Logging
  5. PXE/DHCP/TFTP integration
  6. Network Access Control (NAC)
  7. RADIUS
  8. DNS
  9. User Interface
  10. ModSecurity
  11. Command-line tool
  12. Browser integration/security
  13. Python 3.x
  14. Compliance checks

WebSSO

Custom IdP implementation supporting SAML 2.0, OAuth 2.0 and OpenID Connect, which checks the login relationship between user and service based on aeSrvGroup - aeLoginGroups.

Python modules to be used: pysaml2, oic, pyop

X.509 PKI

DevOps tooling

Ansible

Logging

PXE/DHCP/TFTP integration

Network Access Control (NAC)

RADIUS

Support for RADIUS with dynamic RADIUS client configuration (see also NAC).

DNS

User Interface

ModSecurity

Define a ruleset for ModSecurity.

Command-line tool

Browser integration/security

Python 3.x

Possible LDAP modules with support for Python 3.x:

Module   License        Notes
ldap3    LGPLv3         supports Python 2.7 and 3.4+
bonsai   MIT            only Python 3.4+
ldap0    Python-style   needs work to support Python 3

Compliance checks

Prepare compliance statements: