From what I can tell you, good security is hard - we have prepared the product exactly as you describe on various levels (vpn, identity, SSO, Yubikey provisioning, etc) and prepared the architecture to be secure (multiple segments support: intranet, DMZ, proxy for exposing only public endpoints and functionalities publicly)…
What I observe in a year of the project being public and analysing heavily the landscape, similar projects, Reddit of what users are seeking and what problems they have is that: a lot of people and companies value comfort more then security (even if they will not admit it publicly), because security is hard. That also means there is w niche and need, but… it’s really hard to build a secure, easy to use and deploy security system…
Hope you don’t give up and peruse!, as it’s worth fighting about security and privacy
Defguard looks great, it's got a similar architecture (local first, with a vpn) and your feature list looks like my todo list!
I could see recommending this product to others!
You have a few features that surprised me, like support for "authentication with crypto software and hardware wallets". This seems like the sort of thing a business would never need. Did you have users agitate for this feature? Or is it a direction you're trying to steer clients?
Overall, nicely done, I wish I'd known about this when I started!
Those features you’ve mentioned were done for some customers/projects that deployed defguard - but web3 stack (especially wallet libraries) are so… immature and problematic that we will be most probably removing those features.
Can you share your roadmap? Ideas? Seems we share the same mindset and vision, would be great to exchange knowledge, ideas…
This looks very nice. Comment: there's a whole industry that - whether or not they utterly despise the idea - is required to use FIPS-certified encryption. If you were somehow able to make that a component, you might be able to expand your market significantly.
From what I can tell you, good security is hard - we have prepared the product exactly as you describe on various levels (vpn, identity, SSO, Yubikey provisioning, etc) and prepared the architecture to be secure (multiple segments support: intranet, DMZ, proxy for exposing only public endpoints and functionalities publicly)…
What I observe in a year of the project being public and analysing heavily the landscape, similar projects, Reddit of what users are seeking and what problems they have is that: a lot of people and companies value comfort more then security (even if they will not admit it publicly), because security is hard. That also means there is w niche and need, but… it’s really hard to build a secure, easy to use and deploy security system…
Hope you don’t give up and peruse!, as it’s worth fighting about security and privacy