add list of comparable projects from Marks thesis

c5e8c285 · Maarten de Waard · c348d183 · c5e8c285 · c5e8c285
Verified Commit c5e8c285 authored 4 years ago by Maarten de Waard
--- a/docs/comparable_projects.md
+++ b/docs/comparable_projects.md
+# Comparable projects
+
+Other open source projects similar to OpenAppStack exist. Each of the platforms
+listed here, like OpenAppStack, provides their own user management dashboard and
+all of them offer single sign-on (SSO) features. However the way in which the
+centralized user database is made accessible to applications and the way in
+which the platforms provide SSO varies. At the time of writing the most
+prominent open source projects matching the profile of OpenAppStack are
+Sandstorm, YunoHost and Cloudron.
+
+[Sandstorm](https://sandstorm.io) allows applications to be installed as so
+called Grains. The application contained in a Grain has to be changed to comply
+with its identity management. HTTP requests of users sent to Grains are modified
+by the Sandstorm platform to include user information in custom HTTP header
+fields. Applications have to extract this information from the headers and use
+it for application specific operations.
+
+[YunoHost](https://yunohost.org) uses LDAP to serve user information to
+applications. Applications are integrated into YunoHost by linking them to an
+internal LDAP server or by using hooks to duplicate user information and
+credentials in applications' databases. Additionally the SSO extension _SSOwat_
+can be used to protect unauthorized access to applications. YunoHost relies
+heavily on the Debian package manager and hosts everything on the same server.
+
+[Cloudron](https://cloudron.io) supports SSO via OpenID Connect (OIDC). In order
+to integrate an application into the Cloudron SSO system a so called oAuth-addon
+has to be assigned to the application. The application can then make use of
+the internally exposed OIDC server by extracting the oAuth configuration
+from its run time environment.  To integrate applications into their SSO
+system, they have to be changed to extract the oAuth information from
+environment variables and apply them to the application's configuration. In
+contrast to OpenAppStack, Cloudron [requires a paid
+account](https://cloudron.io/pricing.html) if you want to use more than two
+applications or more than five users.
+
+All mentioned platforms require applications to be changed in some way to make
+use of the authentication system. YunoHost couples applications very tightly
+with the platform by allowing them direct access to its user database. Sandstorm
+does not use a standardized authentication protocol to provide applications user
+information which requires many changes to be made to applications. Only
+Cloudron decouples the authentication process from applications by using the
+OIDC authentication protocol. Compared to these applications, OpenAppStack
+follows a more "cloud native" approach, turning SSO from a feature forced onto
+applications into a service that can be configured dynamically by the
+applications.
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -32,5 +32,6 @@ For more information, go to `the OpenAppStack website`_.
   troubleshooting
   maintenance
   upgrading
+   comparable_projects
   design
   reference