I’m a big proponent of SSO. I’ve put no small amount of work into making it work with Nethserver. And if Nethesis are going to put SSO into NS8 (as they’ve mentioned up-topic they intend to), and SCIM is a growing standard for SSO, I’d just as soon, all other things being equal, they work with a product that includes it rather than one that doesn’t.
But Martin, you seem to be putting a pretty high priority on SCIM. So, to repeat the question I asked back in October (and again earlier this evening), why? What does it bring to the table–in the context of a small organization, which is what NS8 is designed to serve–that existing protocols don’t?
AWStats shows about 60 downloads of my RPM between 2022 and 2023. Hardly a ringing endorsement (automx, self-service-password, and acme-dns are all more popular), but it does tend to suggest there are other users.
But it’s also important to keep in mind that, even with my module, LLNG isn’t the easiest thing to configure. I’d expect interest would be a bit higher in a better-integrated solution.
You mention that SSO tends to be reserved for big business. I’m not sure how accurate that is any more, with as popular as “Log in with Google/Facebook/Microsoft/GitHub” is becoming (all of which are a form of SSO, but remotely hosted), but even leaving that aside, I think there’s a definite place for it in the small organization as well. The IAM piece of it wouldn’t be as relevant–you’d most likely have all users have access to all, or at least most, of the services on the server. But given that that’s the case, it seems silly for the same user to have to log in separately to SOGo, Nextcloud, and Mattermost (to give three examples), when all three are running on the same server for the same organization. And I think that’s a feature that would be viewed as beneficial by lots of users, even if most wouldn’t put a lot of work into making it happen. Even for a home environment this can be helpful.
I’m agnostic as to which solution the devs implement, and I’m far from sold on SCIM. But it looks like the devs do plan to implement a SSO system, and if they do that right that can be a pretty significant convenience for users of the server.