idstore
| JVM | Platform | Status |
|---|---|---|
| OpenJDK (Temurin) Current | Linux |  |
| OpenJDK (Temurin) LTS | Linux |  |
| OpenJDK (Temurin) Current | Windows |  |
| OpenJDK (Temurin) LTS | Windows |  |
idstore
The idstore package provides an identity server for centralized
authentication.
Features
- Simple, centralized identity storage and password checking. Passwords are securely stored using PBKDF2.
- Email-based password reset functionality with a minimalist web interface.
- Full API access for all operations: Separate user-facing and administrator-facing APIs are exposed on different ports and are accessed using an efficient binary protocol over HTTP.
- Full Java API for performing user and administrative operations.
- Strong separation between administrators and users.
- Fine-grained capability-based security model for administrative operations; Safely write external services that can perform administrative operations while maintaining the principle of least privilege.
- Command-line administrative shell.
- Complete audit log; every operation that changes the state of the system is logged in an append-only log.
- Fully instrumented with OpenTelemetry.
- A small, easily auditable codebase with a heavy use of modularity for correctness.
- An extensive automated test suite with high coverage.
- Platform independence. No platform-dependent code is included in any form, and installations can largely be carried between platforms without changes.
- Extensive documentation including information on installation, a setup tutorial, a theory of operation, maintenance and monitoring information, information on security properties, and full API documentation.
- OCI-ready: Ready to run as an immutable, stateless, read-only, unprivileged container for maximum security and reliability.
- OSGi-ready.
- JPMS-ready.
- ISC license.
Usage
See the documentation.