Simple, centralized identity storage and password checking. Passwords are securely stored using PBKDF2.
Email-based password reset functionality with a minimalist web interface.
Full API access for all operations: Separate user-facing and administrator-facing APIs are exposed on different
ports and are accessed using an efficient binary protocol over HTTP.
Full Java API for performing user and administrative operations.
Strong separation between administrators and users.
Fine-grained capability based security model for administrative operations; Safely write external services that
can perform administrative operations while maintaining the principle of least privilege.
Command-line administrative shell.
Complete audit log; every operation that changes the state of the system is logged in an append-only log.