[neupatr]

Keto only does authorization, independent of users, devices, bots, applications, ... Basically you store your ACLs there and then ask "is _subject_ allowed to do _relation_ on _object_". All the variables are whatever you define them to be.

Check out https://github.com/ory/kratos, our identity server. Or https://github.com/ory/hydra, our OAuth2 server. All of them together can be assembled to have something like Keycloak.

[candiddevmike]

Kratos can manage users and groups right? Looks like it requires a database backend today. I have been noodling what a distributed AAA service like kratos might look like--any plans to leverage etcd instead?

What about managing auth for (Linux) servers? PAM, sudo, etc?

[CGamesPlay]

Do any of the ORY products provide a UI? From what I've seen of Kratos, you have to completely implement all HTML output yourself. Is that accurate? Is there some drop-in UI in the ORY ecosystem?

[neupatr]

Exactly, all of our products come without any UI whatsoever. There are example UIs that could be improved, but they can get you started easily. Something like stripe's hosted pages is on our list, just not had the time to implement it yet.