Roadmap

Where Ferriskey is going next.

A directional view of what is being worked on now, what is coming next, and which longer-term bets matter most.

Current capabilities

What Ferriskey already provides today across IAM, deployment, security, and operations.

Realms and IAM objects

available

Manage realms, clients, users, roles, organizations, client scopes, and protocol mappers from the IAM surface.

Identity federation

available

Support OIDC, LDAP, and external identity providers for federated authentication scenarios.

Authentication methods

available

Cover Magic Link, Passkeys, reset password, TOTP, and core grant types including password, client credentials, and refresh token.

Mail and token controls

available

Configure mail templates, token lifetimes, and authentication-related communication flows.

Cloud-native deployment

available

Ship with Helm, Docker, and Kubernetes support for platform-oriented deployments.

Audit and debugging modules

available

Use Compass and SeaWatch to audit authentication flows, debug behavior, and inspect IAM event logs.

Events and permissions

available

Expose webhooks and bitwise permissions for event-driven integrations and fine-grained IAM administration rights.

Next steps

The next product areas being shaped to make Ferriskey more complete and easier to operate.

Portal builder and auth flow

planned

Build a configurable portal experience and a clearer way to define authentication journeys.

Authorization service

planned

Define and specify the dedicated authorization service before turning it into a stable product surface.

Organizations and sessions

planned

Add organization groups and a session management API for better administration of tenants, users, and active access.

Security hardening

planned

Introduce brute-force protection, rate limiting, OAuth 2.1 compliance, and Token Exchange support based on RFC 8693.

Account and client operations

planned

Deliver user self-service accounts, client evaluation tooling, and a CLI for operators and developers.

Migration strategies

planned

Document and support migration paths from Supabase, Keycloak, Auth0, and other existing identity stacks.

Native multi-tenancy

planned

Move toward first-class multi-tenancy with quotas and stronger tenant isolation semantics.

Passwordless-first security

planned

Explore device trust and device binding as first-class building blocks for passwordless authentication.

Long term

Longer-horizon bets for policy, authorization, secrets, identity standards, and adaptive security.

Policy-driven auth flows

exploring

Use OPA to attach policy rules directly to authentication flow decisions.

Vault-backed secrets

exploring

Store critical material such as keys and client secrets in a Vault-backed architecture.

Authorization standards

exploring

Evaluate AuthZEN compliance and fine-grained authorization as the authorization surface matures.

MCP Server

exploring

Expose Ferriskey capabilities through an MCP server for agentic and automation-oriented workflows.

Decentralized identity

exploring

Explore DID and Verifiable Credentials for decentralized identity use cases.

Adaptive authentication

exploring

Use risk scoring to adapt authentication requirements to context and suspicious behavior.