{"id":29712287,"url":"https://github.com/sinetris/iam-infrastructure-prototype","last_synced_at":"2026-02-18T17:03:00.301Z","repository":{"id":221190602,"uuid":"696219471","full_name":"sinetris/iam-infrastructure-prototype","owner":"sinetris","description":"Demo code to explain how GRC, cybersecurity, and infrastructure automation can benefit from HR-Driven Identity Lifecycle and other IAM practices.","archived":false,"fork":false,"pushed_at":"2026-01-12T16:38:20.000Z","size":4796,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-12T22:05:28.334Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Jsonnet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sinetris.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE-CODE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-09-25T10:29:17.000Z","updated_at":"2025-09-11T12:06:36.000Z","dependencies_parsed_at":"2024-03-22T19:35:32.648Z","dependency_job_id":"adcd0f87-ee91-446a-9ca1-d64ef4d8b463","html_url":"https://github.com/sinetris/iam-infrastructure-prototype","commit_stats":null,"previous_names":["sinetris/iam-demo","sinetris/iam-infrastructure-prototype"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/sinetris/iam-infrastructure-prototype","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sinetris%2Fiam-infrastructure-prototype","tags_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/sinetris%2Fiam-infrastructure-prototype/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sinetris%2Fiam-infrastructure-prototype/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sinetris%2Fiam-infrastructure-prototype/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sinetris","download_url":"https://codeload.github.com/sinetris/iam-infrastructure-prototype/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sinetris%2Fiam-infrastructure-prototype/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29587066,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-18T16:55:40.614Z","status":"ssl_error","status_checked_at":"2026-02-18T16:55:37.558Z","response_time":162,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-24T00:41:55.019Z","updated_at":"2026-02-18T17:03:00.288Z","avatar_url":"https://github.com/sinetris.png","language":"Jsonnet","funding_links":[],"categories":[],"sub_categories":[],"readme":"# IAM Infrastructure Prototype\n\nCode for a fictional startup to explain how governance, risk management, and\ncompliance (GRC), cybersecurity, and infrastructure automation can benefit from\nthe use of 
HR-Driven Identity Lifecycle and other Identity and Access Management\npractices.\n\n- [📝 Notice](#-notice)\n- [📜 Introduction](#-introduction)\n  - [Stakeholders](#stakeholders)\n  - [Workforce IAM](#workforce-iam)\n    - [HR-Driven Identity Lifecycle](#hr-driven-identity-lifecycle)\n    - [Application Lifecycle Management (ALM) connected with the Asset Catalog](#application-lifecycle-management-alm-connected-with-the-asset-catalog)\n    - [Automated Provisioning](#automated-provisioning)\n    - [Procedure and Processes](#procedure-and-processes)\n- [🐣 Getting started](#-getting-started)\n  - [⚙️ Setup](#️-setup)\n    - [Dependencies](#dependencies)\n    - [Generate and provision instances](#generate-and-provision-instances)\n  - [💻 Linux desktop Instance](#-linux-desktop-instance)\n    - [Connect using Remote Desktop](#connect-using-remote-desktop)\n    - [Test self-signed certificates](#test-self-signed-certificates)\n    - [Complete Setup](#complete-setup)\n      - [Configure Forgejo ssh keys](#configure-forgejo-ssh-keys)\n  - [🧑‍💻 Access Kubernetes cluster](#-access-kubernetes-cluster)\n    - [Connecting from the console](#connecting-from-the-console)\n    - [Connect using linux-desktop browser](#connect-using-linux-desktop-browser)\n      - [Traefik Dashboard](#traefik-dashboard)\n      - [Kubernetes Dashboard](#kubernetes-dashboard)\n- [🧑‍🔧 Troubleshooting](#-troubleshooting)\n- [🔧 Development](#-development)\n- [🔖 Resources](#-resources)\n  - [IAM, IGA, CIAM, and Zero Trust architecture](#iam-iga-ciam-and-zero-trust-architecture)\n  - [Accessibility Directives and Guidelines](#accessibility-directives-and-guidelines)\n  - [Compliance As Code](#compliance-as-code)\n  - [Frameworks and Regulations](#frameworks-and-regulations)\n  - [Standard Notations](#standard-notations)\n- [📄 Licenses](#-licenses)\n\n## 📝 Notice\n\nYou can see [screenshots](docs/screenshots.md) of some of the applications\nthat will be provisioned with the current setup.\n\nThis project is 
ambitious and constantly evolving.\n\nIn the [To Do](docs/TODO.md) document you can find what has been implemented\nand what is planned.\n\n## 📜 Introduction\n\n### Stakeholders\n\nThe implementation of a proper IAM infrastructure requires the involvement of\npeople from different teams and departments. Underestimating the need to involve\nall stakeholders at an early stage will lead to delays, waste of money and\nresources, and poor adoption.\n\nThe following is an incomplete list of candidate stakeholders:\n\n- Human Resources (HR)\n  - People operations\n  - Talent acquisition\n  - Talent management\n  - Diversity, Equity, and Inclusion (DEI)\n- Governance, Risk management and Compliance (GRC)\n  - Information Security (especially the CISO)\n  - Data Protection Officer\n  - Compliance Officers\n  - Risk Management\n  - Internal Auditors\n  - Legal team\n  - Financial risk\n- Information Technology\n  - CTO\n  - Software Architects\n  - Cyber Security\n  - Site Reliability Engineering (SRE)\n  - Platform\n  - Business Application Owners\n  - Engineering Managers\n\n### Workforce IAM\n\n#### HR-Driven Identity Lifecycle\n\nThe HR department is the one that knows who is joining, who is leaving, who is\nmoving to another job within the company, who is on vacation, sick leave, parental\nleave, etc. Their system should expose for each employee at least the name that\nshould be used for them within the company (might be different from their legal\nname, which is only required by HR to sign contracts), the start and end dates\n(if applicable) of the contract, department, role, line manager, and absences.\n\nTheir database should be the source of truth for identities in the workforce. 
Other\nsources of truth can exist, but there must be a good reason for the exception.\nFurthermore, for such sources there needs to be an owner and at least one deputy\nresponsible for the identities, and the identities need to be marked as “untrusted”\nand have a label with the source to help the Information Security team evaluate\nany access requests to internal systems.\n\n#### Application Lifecycle Management (ALM) connected with the Asset Catalog\n\nIt is not possible to automate access to applications without knowing whether the\napplication is in review, ready to be used or about to be decommissioned, who the\nAsset Owner is, what roles can be assigned to users, etc.\n\nAll applications and services must reside in an Asset Catalog, be labeled with the\nappropriate status and Information Assurance (IA) levels, and have assigned Asset\nOwners (and deputies), Application Administrators, and Infrastructure Administrators.\n\nWhen selecting new applications and services, ensure that new systems have an\nappropriate interface for automated provisioning, preferring systems with SAML,\nSCIM, OpenID Connect, OAuth or at least appropriate API endpoints (or even better\na supported connector for your IGA. 
See [Evolveum Identity Connectors and Resources][evolveum-connectors]\nas an example).\n\n#### Automated Provisioning\n\nThe HR department can provide us with some information about employees, but it\nis up to the Line Manager, with the help of the Asset Owners (and the Information\nSecurity team when in doubt), to determine which roles to assign them for day-to-day\nwork (and it is preferable to use Profiles that aggregate access, e.g., a person\nworking on a project will need access to the relevant chat channels, project emails,\nrelated services, etc.).\n\nAll access and communication channels necessary for people's daily work should be\ngranted according to their profiles during on-boarding, based on their employment\nrelationship, location, sub-company, department, their role in the teams, projects\nto which they are assigned, etc.\n\nThe exclusive use of RBAC to grant people access to services and applications will\nlead to a proliferation of roles that will quickly become unmanageable. My advice\nis to use a Policy-Based approach in a Zero Trust architecture.\n\nAll administrative access must be granted using short-lived just-in-time credentials\nthat need approval. 
The approval process can be automated for exceptional cases\nusing policies (e.g., an on-call engineer needs to work on a service they are\nassigned to during an incident).\n\n#### Procedure and Processes\n\nMany procedures and processes will benefit from a well-built IAM infrastructure.\n\nThese include, but are not limited to:\n\n- Business Continuity\n- Disaster Recovery\n- Internal Audit\n\n## 🐣 Getting started\n\nThis project will create and provision 3 instances:\n\n- an [ansible][ansible] controller (also used to host the internal DNS server)\n- a [Kubernetes][kubernetes] cluster (a single instance for now)\n- a Linux desktop with [Xfce Desktop Environment][xfce]\n\n\u003e **Warning**\n\u003e\n\u003e To keep the code as clean as possible, for the time being, this project is not\n\u003e designed to be backward compatible.\n\u003e\n\u003e Instances are expected to be destroyed and recreated as new code may rename,\n\u003e remove, or modify resources in ways that could break previous deployments.\n\n### ⚙️ Setup\n\n#### Dependencies\n\n- [Jsonnet][jsonnet]\n- [Multipass][multipass] or [VirtualBox][virtualbox]\n\n#### Generate and provision instances\n\nThe `project-management` script manages the creation, provisioning, and deletion\nof instances.\n\nRun `./project-management --help` to get a list of options.\n\nTo execute all required steps, you can run:\n\n```sh\n./project-management --all\n```\n\nThe script will prompt for a password (and confirmation) to be used for the\ninstances administrator user.\n\nTo avoid being prompted for the password, you can create the file\n`generated/assets/passwords/admin/plain` or set the environment variable\n`INSTANCE_ADMIN_PASSWORD`.\n\n```sh\nINSTANCE_ADMIN_PASSWORD=changeme ./project-management -a\n```\n\nThe `-a` (or `--all`) option will perform all required steps sequentially.\n\nBy default, the script will use [multipass][multipass] and the host architecture,\nessentially the command `./project-management -a` is 
equivalent to running:\n\n```sh\n./project-management -o multipass -a \"$(uname -m)\" -g -c -b -w -p\n```\n\nIf you want more control, you can perform the steps in groups or one at a time:\n\ne.g.:\n\n```sh\n./project-management --generate --configure\n./project-management --bootstrap\n./project-management --wrap-up\n./project-management --provision\n```\n\n#### Delete instances\n\nThe `--delete` option will remove instances and related volumes, but keep the\ngenerated scripts and instances configuration.\n\n```sh\n./project-management --delete\n```\n\nTo delete the local project folder, generated scripts, and instances configuration,\nuse the `--purge` option alongside `--delete`.\n\n```sh\n./project-management --delete --purge\n```\n\n### 💻 Linux desktop Instance\n\n#### Connect using Remote Desktop\n\nUse any RDP client, such as [Windows App][microsoft-windows-app] (formerly known\nas [Microsoft Remote Desktop][microsoft-remote-desktop]) or [FreeRDP][freerdp],\nto connect to the `linux-desktop` instance.\n\n- user: **ubuntu**\n- password: **ubuntu**\n\nThe IP Address is the first entry from `ipv4` when running the following command:\n\n```sh\n./platform/project-script-generator/generated/instances-status.sh linux-desktop\n```\n\n#### Test self-signed certificates\n\nThe ansible scripts should have installed the self-signed root certificate\ninside the linux-desktop instance.\n\nTo test that the services are using the proper DNS and certificates, open a\nterminal in `linux-desktop` and type:\n\n```sh\n~/bin/check-instance-config.sh\n```\n\nThe result should be similar to the [OpenSSL Checks](./docs/screenshots.md#openssl-checks)\nscreenshot.\n\n#### Complete Setup\n\n\u003e **Note:** required to run only once\n\n##### Configure Forgejo ssh keys\n\nOpen a terminal to generate the ssh keys.\n\n```sh\nssh-keygen -t ed25519 -C \"ubuntu@iam-demo.test\"\n```\n\nOpen [Forgejo](https://git.iam-demo.test) in a browser and log in using the\ncredentials from [Connect using 
linux-desktop browser](#connect-using-linux-desktop-browser).\n\nOpen a terminal and copy your public ssh key to the clipboard.\n\n```sh\ncat ~/.ssh/id_ed25519.pub | tee \u003e(xclip -selection clipboard); echo ''\n```\n\nOpen [Manage SSH Keys in Forgejo](https://git.iam-demo.test/user/settings/keys)\nin a browser and paste the public key.\n\n### 🧑‍💻 Access Kubernetes cluster\n\n#### Connecting from the console\n\nAccess the `ansible-controller` shell using:\n\n```sh\n./platform/project-script-generator/generated/instance-shell.sh ansible-controller\n```\n\nor connect to `linux-desktop` [using Remote Desktop](#connect-using-remote-desktop)\nand open a terminal.\n\nYou can also access the `linux-desktop` shell using:\n\n```sh\n./platform/project-script-generator/generated/instance-shell.sh linux-desktop\n```\n\nTo check the Kubernetes configuration, type:\n\n```sh\nkubectl config view\n```\n\nThe output should be like the following:\n\n```yaml\napiVersion: v1\nclusters:\n- cluster:\n    certificate-authority-data: DATA+OMITTED\n    server: https://iam-control-plane.iam-demo.test:6443\n  name: default\ncontexts:\n- context:\n    cluster: default\n    user: default\n  name: default\ncurrent-context: default\nkind: Config\npreferences: {}\nusers:\n- name: default\n  user:\n    client-certificate-data: DATA+OMITTED\n    client-key-data: DATA+OMITTED\n```\n\nThe [kubernetes](kubernetes/) folder is mounted inside the `ansible-controller`\nunder `/kubernetes`.\n\n#### Connect using linux-desktop browser\n\nConnect to `linux-desktop` [using Remote Desktop](#connect-using-remote-desktop).\n\nOpen Firefox inside the instance, and use the following URLs:\n\n\u003e **Note:** You can also find them in the Firefox Bookmarks Toolbar under\n\u003e \"Managed bookmarks\".\n\n- Grafana: \u003chttps://grafana.iam-demo.test\u003e\n  - user: admin\n  - password: grafana-admin\n- Forgejo: \u003chttps://git.iam-demo.test\u003e\n  - user: forgejo-admin\n  - password: forgejopw123!\n- Prometheus: 
\u003chttps://prometheus.iam-demo.test\u003e\n- Alertmanager: \u003chttps://alertmanager.iam-demo.test\u003e\n- Consul: \u003chttps://consul.iam-demo.test\u003e\n- Keycloak: \u003chttps://keycloak.iam-demo.test\u003e\n\nTo access Traefik or Kubernetes dashboards, follow the instructions in the\nrespective subsections.\n\n##### Traefik Dashboard\n\nOpen a terminal and start port forwarding using:\n\n```sh\n# Export the variable so that kubectl (a child process) picks it up\nexport KUBECONFIG=~/.kube/config-iam-demo-tech\nkubectl port-forward \\\n  --namespace kube-system \\\n  $(kubectl get pods \\\n    --namespace kube-system \\\n    --selector \"app.kubernetes.io/name=traefik\" \\\n    --output=name) \\\n  9000:9000\n```\n\nOpen \u003chttp://127.0.0.1:9000/dashboard/\u003e in a browser.\n\n##### Kubernetes Dashboard\n\nGenerate a token, print it and copy it to the clipboard:\n\n```sh\nkubectl -n kubernetes-dashboard create token admin-user | tee \u003e(xclip -selection clipboard); echo ''\n```\n\nStart the proxy:\n\n```sh\nkubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443\n```\n\nAccess the kubernetes-dashboard by opening the following URL in a web browser:\n\n\u003chttps://localhost:8443/\u003e\n\n## 🧑‍🔧 Troubleshooting\n\n- [Troubleshooting](docs/troubleshooting/README.md)\n\n## 🔧 Development\n\nSee [development](docs/development/) documentation.\n\n## 🔖 Resources\n\nHere are some useful links on topics that I consider relevant.\n\nIt’s a long and incomplete list.\n\n### IAM, IGA, CIAM, and Zero Trust architecture\n\nRegarding IAM, IGA, CIAM, and Zero Trust architecture, [KuppingerCole][kuppingercole-website]\nis a reliable source for an introduction to these topics:\n\n- [The Definitive Guide to Identity \u0026 Access Management][kuppingercole-IAM-definitive-guide]\n- [Identity Governance and Administration – A Policy-Based Primer for Your Company][kuppingercole-IGA-guide]\n- [Customer Identity \u0026 Access Management (CIAM)][kuppingercole-CIAM]\n- [The Comprehensive Guide to Zero Trust 
Implementation][kuppingercole-zero-trust-guide]\n\nThe [Evolveum][evolveum-website] website also contains a lot of good IAM introductory\nconcepts:\n\n- [Practical Identity Management with MidPoint][evolveum-book]\n- [Identity and Access Management][evolveum-iam]\n\n### Accessibility Directives and Guidelines\n\n- [European Commission - Web Accessibility][ec-web-accessibility]: Overview of\n  the European Commission\n  Web Accessibility Directive\n- [EN 301 549][etsi-EN-301-549]: Accessibility requirements for ICT products and\n  services\n- [WAI][w3c-wai]: W3C Web Accessibility Initiative\n  - [WCAG][w3c-wai-wcag]: Web Content Accessibility Guidelines\n  - [ARIA][w3c-wai-aria]: Accessible Rich Internet Applications suite of web standards\n  - [ACT][w3c-wai-act]: Accessibility Conformance Testing\n  - [EARL][w3c-wai-earl]: Evaluation and Report Language\n  - [policies][w3c-wai-policies]: Web Accessibility Laws \u0026 Policies\n\n### Compliance As Code\n\n- [SCAP][nist-scap]: Security Content Automation Protocol\n- [OpenSCAP][open-scap]: open source security compliance toolkit\n  \u003e NIST certified for SCAP 1.2\n- [ComplianceAsCode][compliance-as-code-project]: The ComplianceAsCode project\n  \u003e Previously known as SCAP Security Guide (SSG)\n- [OSCAL][nist-oscal]: Open Security Controls Assessment Language\n  - [OSCAL Mini Workshop Series][nist-oscal-workshops]\n- [Trestle][trestle]: An opinionated platform to manage compliance as code using\n  NIST's OSCAL standard\n- [OPA][opa-website]: Open Policy Agent\n  \u003e Declarative Policies - Context-aware, Expressive, Fast, Portable\n- [OPAL][opal]: Open Policy Administration Layer\n\n### Frameworks and Regulations\n\n- [GDPR][gdpr]: General Data Protection Regulation\n- [ISO/IEC 27000][iso-27000]: Information security management systems - Overview\n  and vocabulary\n- [ISO/IEC 27001][iso-27001]: Information security management systems - Requirements\n- [ISO/IEC 24760][iso-24760]: IT Security and Privacy - A 
framework for identity\n  management\n- [NIS2 directive][nis2-final]: Network and Information Security Directive\n  \u003e EU-wide legislation on cybersecurity\n  - [The NIS2 Directive Explained][nis2-explained]\n- [KRITIS][kritis-de]: Kritische Infrastrukturen (German)\\\n  English translation: [Critical Infrastructures][kritis-en]\n- [DORA][dora]: Digital Operational Resilience Act\n- [BaFin][bafin-de]: Bundesanstalt für Finanzdienstleistungsaufsicht (German)\\\n  English translation: [Federal Financial Supervisory Authority][bafin-en]\n- [MaRisk][marisk-de]: Mindestanforderungen an das Risikomanagement (German)\\\n  English translation: [Minimum Requirements for Risk Management][marisk-en]\n- [BAIT][bait-de]: Bankaufsichtliche Anforderungen an die IT (German)\\\n  English translation: [Supervisory Requirements for IT in Financial Institutions][bait-en]\\\n  [Clearer Guidelines as a Basis for More Effective Implementation][kuppingercole-bait]\n  (KuppingerCole)\n- [MiCA][mica]: Markets in Crypto-Assets Regulation\n- [EHDS][ehds]: European Health Data Space\n- [eHDSI]: eHealth Digital Service Infrastructure\n- [DVG][dvg-en]: Digital Healthcare Act\n\n### Standard Notations\n\n- [BPMN][bpmn]: Business Process Model and Notation\n- [DMN][dmn]: Decision Model and Notation\n\n## 📄 Licenses\n\n- Documentation: [CC-BY-4.0](LICENSE-DOCS)\n- Code: [Apache-2.0](LICENSE-CODE)\n\n[ansible]: \u003chttps://ansible.readthedocs.io/\u003e \"Ansible\"\n[bafin-de]: \u003chttps://www.bafin.de/\u003e \"BaFin - Bundesanstalt für Finanzdienstleistungsaufsicht\"\n[bafin-en]: \u003chttps://www.bafin.de/EN/\u003e \"BaFin - Federal Financial Supervisory Authority\"\n[bait-de]: \u003chttps://www.bafin.de/ref/19595164\u003e \"BAIT - Bankaufsichtliche Anforderungen an die IT\"\n[bait-en]: \u003chttps://www.bafin.de/ref/19594854\u003e \"BAIT - Supervisory Requirements for IT in Financial Institutions\"\n[bpmn]: \u003chttps://www.omg.org/spec/BPMN\u003e \"Business Process Model and 
Notation\"\n[compliance-as-code-project]: \u003chttps://complianceascode.readthedocs.io/\u003e \"ComplianceAsCode project\"\n[dmn]: \u003chttps://www.omg.org/spec/DMN\u003e \"Decision Model and Notation\"\n[dora]: \u003chttps://www.eiopa.europa.eu/digital-operational-resilience-act-dora_en\u003e \"Digital Operational Resilience Act (DORA)\"\n[dvg-en]: \u003chttps://www.bundesgesundheitsministerium.de/en/digital-healthcare-act\u003e \"Digital Healthcare Act – DVG\"\n[ec-web-accessibility]: \u003chttps://digital-strategy.ec.europa.eu/en/policies/web-accessibility\u003e \"European Commission - Web Accessibility\"\n[ehds]: \u003chttps://health.ec.europa.eu/ehealth-digital-health-and-care/european-health-data-space_en\u003e \"European Health Data Space\"\n[ehdsi]: \u003chttps://health.ec.europa.eu/ehealth-digital-health-and-care/electronic-cross-border-health-services_en\u003e \"eHealth Digital Service Infrastructure (eHDSI)\"\n[etsi-EN-301-549]: \u003chttps://www.etsi.org/deliver/etsi_en/301500_301599/301549/03.02.01_60/en_301549v030201p.pdf\u003e \"EN 301 549 V3.2.1\"\n[evolveum-book]: \u003chttps://docs.evolveum.com/book/\u003e \"Evolveum - Practical Identity Management with MidPoint\"\n[evolveum-connectors]: \u003chttps://docs.evolveum.com/connectors/\u003e \"Evolveum - Identity Connectors and Resources\"\n[evolveum-iam]: \u003chttps://docs.evolveum.com/iam/\u003e \"Evolveum - Identity and Access Management\"\n[evolveum-website]: \u003chttps://evolveum.com/\u003e \"Evolveum\"\n[freerdp]: \u003chttps://www.freerdp.com/\u003e \"FreeRDP: A Remote Desktop Protocol Implementation\"\n[gdpr]: \u003chttps://gdpr-info.eu/\u003e \"General Data Protection Regulation\"\n[iso-24760]: \u003chttps://www.iso.org/standard/77582.html\u003e \"ISO/IEC 24760-1:2019\"\n[iso-27000]: \u003chttps://www.iso.org/standard/73906.html\u003e \"ISO/IEC 27000\"\n[iso-27001]: \u003chttps://www.iso.org/standard/27001\u003e \"ISO/IEC 27001\"\n[jsonnet]: \u003chttps://jsonnet.org\u003e 
\"Jsonnet\"\n[kritis-de]: \u003chttps://www.bsi.bund.de/DE/Themen/Regulierte-Wirtschaft/Kritische-Infrastrukturen/kritis_node.html\u003e \"KRITIS - Kritische Infrastrukturen\"\n[kritis-en]: \u003chttps://www.bsi.bund.de/EN/Themen/Regulierte-Wirtschaft/Kritische-Infrastrukturen/kritis_node.html\u003e \"KRITIS - Critical Infrastructures\"\n[kubernetes]: \u003chttps://kubernetes.io\u003e \"Kubernetes CLI\"\n[kuppingercole-bait]: \u003chttps://www.kuppingercole.com/blog/reinwarth/bait-clearer-guidelines-as-a-basis-for-more-effective-implementation\u003e \"KuppingerCole - BAIT: Clearer Guidelines as a Basis for More Effective Implementation\"\n[kuppingercole-CIAM]: \u003chttps://www.kuppingercole.com/insights/customer-identity-and-access-management\u003e \"KuppingerCole - Customer Identity \u0026 Access Management\"\n[kuppingercole-IAM-definitive-guide]: \u003chttps://www.kuppingercole.com/insights/identity-and-access-management/identity-access-management-guide\u003e \"KuppingerCole - The Definitive Guide to Identity \u0026 Access Management\"\n[kuppingercole-IGA-guide]: \u003chttps://www.kuppingercole.com/insights/identity-governance-and-administration/identity-governance-and-administration-guide\u003e \"KuppingerCole - Identity Governance and Administration – A Policy-Based Primer for Your Company\"\n[kuppingercole-website]: \u003chttps://www.kuppingercole.com/\u003e \"KuppingerCole Analysts AG\"\n[kuppingercole-zero-trust-guide]: \u003chttps://www.kuppingercole.com/insights/zero-trust/zero-trust-guide\u003e \"KuppingerCole - The Comprehensive Guide to Zero Trust Implementation\"\n[marisk-de]: \u003chttps://www.bafin.de/dok/16502162\u003e \"MaRisk - Mindestanforderungen an das Risikomanagement\"\n[marisk-en]: \u003chttps://www.bafin.de/dok/17832170\u003e \"MaRisk - Minimum Requirements for Risk Management\"\n[mica]: \u003chttps://www.esma.europa.eu/esmas-activities/digital-finance-and-innovation/markets-crypto-assets-regulation-mica\u003e \"Markets In Crypto-Assets 
Regulation (MiCA)\"\n[microsoft-remote-desktop]: \u003chttps://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-clients\u003e \"Microsoft Remote Desktop\"\n[microsoft-windows-app]: \u003chttps://learn.microsoft.com/windows-app\u003e \"Windows App\"\n[multipass]: \u003chttps://multipass.run/\u003e \"Canonical Multipass\"\n[nis2-explained]: \u003chttps://nis2directive.eu/\u003e \"The NIS2 Directive Explained\"\n[nis2-final]: \u003chttps://eur-lex.europa.eu/eli/dir/2022/2555/oj\u003e \"The Final NIS2 Legal Text\"\n[nist-oscal-workshops]: \u003chttps://pages.nist.gov/OSCAL/learn/presentations/mini-workshop/\u003e \"OSCAL Mini Workshop Series\"\n[nist-oscal]: \u003chttps://pages.nist.gov/OSCAL/\u003e \"OSCAL: the Open Security Controls Assessment Language\"\n[nist-scap]: \u003chttps://scap.nist.gov/\u003e \"SCAP - Security Content Automation Protocol\"\n[opa-website]: \u003chttps://www.openpolicyagent.org/\u003e \"Open Policy Agent\"\n[opal]: \u003chttps://github.com/permitio/opal\u003e \"Open Policy Administration Layer\"\n[open-scap]: \u003chttps://www.open-scap.org/\u003e \"OpenSCAP\"\n[trestle]: \u003chttps://github.com/IBM/compliance-trestle\u003e \"Trestle\"\n[virtualbox]: \u003chttps://www.virtualbox.org/\u003e \"VirtualBox\"\n[w3c-wai-act]: \u003chttps://www.w3.org/WAI/standards-guidelines/act/\u003e \"W3C - Accessibility Conformance Testing\"\n[w3c-wai-aria]: \u003chttps://www.w3.org/WAI/intro/aria\u003e \"W3C WAI - Accessible Rich Internet Applications\"\n[w3c-wai-earl]: \u003chttps://www.w3.org/WAI/intro/earl\u003e \"W3C WAI - Evaluation and Report Language\"\n[w3c-wai-policies]: \u003chttps://www.w3.org/WAI/policies/\u003e \"W3C WAI - Web Accessibility Laws \u0026 Policies\"\n[w3c-wai-wcag]: \u003chttps://www.w3.org/WAI/intro/wcag\u003e \"W3C WAI - Web Content Accessibility Guidelines\"\n[w3c-wai]: \u003chttps://www.w3.org/WAI/\u003e \"W3C Web Accessibility Initiative\"\n[xfce]: \u003chttps://www.xfce.org/\u003e 
\"Xfce Desktop Environment\"\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsinetris%2Fiam-infrastructure-prototype","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsinetris%2Fiam-infrastructure-prototype","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsinetris%2Fiam-infrastructure-prototype/lists"}