AEGIS Identity Fabric

Unified Zero-Trust Access for hybrid and multi-cloud.
IAM and PAM convergence, independent from cloud-native IAM.

   AEGIS Identity Fabric
   ─────────────────────
   Users / Services
          │
          ▼   SSO / MFA
     [ INDIGO IAM ]
          │  SCIM / Policy
          ▼
     [  XOMS Hub   ]
          │  Access Rules
          ▼
   [ JumpServer PAM ]
          │
          ▼
  OpenStack • Azure • AWS
   On-Prem • Edge

What is AEGIS Identity Fabric?

AEGIS is an open, vendor-neutral Identity & Access Fabric designed to unify IAM and PAM under a single Zero-Trust control plane, across OpenStack, Azure, AWS and on-prem environments.

Problem

  • Each cloud provides its own proprietary IAM stack.
  • Privileged access is handled as a separate silo.
  • Policies are duplicated and inconsistent across platforms.
  • Audit trails are fragmented and difficult to interpret.

AEGIS Approach

  • Single Identity & Access Fabric independent from cloud IAM.
  • Converged IAM + PAM with unified governance.
  • Write policies once, enforce them everywhere.
  • Immutable, centralized audit for human and machine identities.

Architecture at a Glance

AEGIS integrates INDIGO IAM, XOMS and JumpServer into a unified Identity & Access Fabric sitting above OpenStack, Azure, AWS and on-prem resources.

Logical View

┌─────────────────────────────────────────┐
│       AEGIS Identity & Access Fabric    │
└─────────────────────────────────────────┘
         ▲            ▲            ▲
         │            │            │
   [ INDIGO ]    [  XOMS  ]   [ JumpServer ]
   Federation     Identity     Access Fabric
      SSO/MFA       Hub        PAM / Sessions
         │            │            │
         └────────────┼────────────┘
                      ▼
     OpenStack • Azure • AWS • On-Prem

Core Components

  • INDIGO IAM — Federation, SSO, MFA, OIDC/SAML.
  • XOMS Identity Hub — Identity lifecycle, roles, policies, SCIM.
  • JumpServer — Privileged sessions, vaulting, audit, connectors.
  • AEGIS Fabric Logic — Policy orchestration, Zero-Trust enforcement.
  • Cloud Providers — OpenStack, Azure, AWS, on-prem, treated as resource pools.

Key Capabilities

Vendor-Neutral Identity Fabric

Identity and access governance is decoupled from cloud-native IAM. AEGIS becomes the single source of truth for authentication, authorization and lifecycle.

IAM + PAM Convergence

Human, service and privileged identities follow the same governance pipeline: one policy model, one audit trail, one Zero-Trust design.

Zero-Trust Enforcement

Every access decision evaluates identity, context and policy before any resource interaction. No implicit trust, no “flat” admin networks.
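A minimal policy decision point illustrating the paragraph above, added here as an example and not code from the AEGIS project or any of its components. It evaluates the three inputs the page names (identity, context, policy) on every request and denies by default; the classes, the `decide` function, the sample rules and the request values are all hypothetical and constructed for this illustration.

```python
"""Added example (not AEGIS project code): a default-deny policy decision
point that evaluates identity, context and policy for every request.

All identifiers (Subject, Context, Rule, POLICIES, decide) are hypothetical;
the sample rules below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Subject:
    """Who is asking: the authenticated identity and how it authenticated."""
    user: str
    roles: frozenset
    mfa: bool            # did the IdP assert a second factor for this session?


@dataclass(frozen=True)
class Context:
    """How the request arrives. Re-evaluated on every request, never cached."""
    source_ip: str
    device_managed: bool
    protocol: str        # e.g. "ssh", "rdp", "api"


@dataclass(frozen=True)
class Rule:
    """One policy line: a role may perform actions on a resource, subject to
    context requirements. Written once, enforced the same way everywhere."""
    role: str
    resource: str
    actions: frozenset
    require_mfa: bool = True
    require_managed_device: bool = True
    allowed_networks: tuple = ()     # empty means any source network


# Constructed policy set (hypothetical resource names).
POLICIES = (
    Rule("dba", "openstack:db-prod", frozenset({"ssh"}),
         allowed_networks=("10.0.0.0/8",)),
    Rule("reader", "aws:s3-logs", frozenset({"read"}),
         require_managed_device=False),
)


def decide(subject: Subject, context: Context, resource: str, action: str) -> tuple:
    """Return (allowed, reason). Default deny: a request is allowed only when
    some rule explicitly matches identity, resource, action and context."""
    for rule in POLICIES:
        if rule.role not in subject.roles:
            continue
        if rule.resource != resource or action not in rule.actions:
            continue
        # Identity check: the session must carry the assurance the rule demands.
        if rule.require_mfa and not subject.mfa:
            return False, "mfa required"
        # Context checks: device posture and source network.
        if rule.require_managed_device and not context.device_managed:
            return False, "unmanaged device"
        if rule.allowed_networks and not any(
            ip_address(context.source_ip) in ip_network(net)
            for net in rule.allowed_networks
        ):
            return False, "source network not allowed"
        return True, f"matched rule for role {rule.role}"
    # Nothing matched: no implicit trust, even for "admin-looking" identities.
    return False, "no matching rule (default deny)"


if __name__ == "__main__":
    alice = Subject("alice", frozenset({"dba"}), mfa=True)
    office = Context("10.1.2.3", device_managed=True, protocol="ssh")
    print(decide(alice, office, "openstack:db-prod", "ssh"))
```

The point worth noticing is that a failed check returns a specific reason (useful for the audit trail) but never falls through to an allow, and that an identity with no matching rule is denied regardless of how privileged it looks.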

Multi-Cloud Governance

OpenStack, Azure, AWS and on-prem are integrated as resource providers behind the AEGIS Fabric, not as separate identity islands.

Immutable Audit Trail

Privileged sessions are recorded, signed and centrally stored for forensics and compliance, with cloud-independent evidence.
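The following is an added example, not code from AEGIS or JumpServer, showing one way the "recorded, signed and centrally stored" property can be made tamper-evident: each session record is hash-linked to the previous one and signed, so that editing, deleting or reordering records is detected on verification. A single HMAC key stands in for whatever signing key the central audit store would hold; the record contents, the key and all function names are hypothetical and constructed here.

```python
"""Added example (not AEGIS/JumpServer code): a tamper-evident audit chain.

Each record carries the previous record's hash and an HMAC over its own hash,
so a verifier holding the key can detect edits, deletions and reordering.
The key and the sample events are constructed for illustration.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64     # prev_hash of the first record


def _canonical(body: dict) -> bytes:
    """Deterministic serialisation so hashes are reproducible across stores."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_record(chain: list, key: bytes, event: dict) -> dict:
    """Append an event, linking it to the previous record and signing it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev_hash, "event": event}
    digest = hashlib.sha256(_canonical(body)).hexdigest()
    sig = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
    record = dict(body, hash=digest, sig=sig)
    chain.append(record)
    return record


def verify_chain(chain: list, key: bytes) -> tuple:
    """Walk the chain from genesis; stop at the first inconsistency."""
    prev_hash = GENESIS
    for i, record in enumerate(chain):
        if record["seq"] != i:
            return False, f"sequence gap at {i}"
        if record["prev_hash"] != prev_hash:
            return False, f"broken link at {i}"
        body = {k: record[k] for k in ("seq", "prev_hash", "event")}
        digest = hashlib.sha256(_canonical(body)).hexdigest()
        if digest != record["hash"]:
            return False, f"hash mismatch at {i}"
        expected = hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, record["sig"]):
            return False, f"bad signature at {i}"
        prev_hash = digest
    return True, "ok"


def demo_chain(key: bytes = b"constructed-audit-key") -> list:
    """Build a small chain of constructed privileged-session events."""
    chain = []
    events = (
        {"user": "alice", "target": "openstack:db-prod", "action": "session.start"},
        {"user": "alice", "target": "openstack:db-prod", "action": "command",
         "cmd": "systemctl status postgresql"},
        {"user": "alice", "target": "openstack:db-prod", "action": "session.end"},
    )
    for event in events:
        append_record(chain, key, event)
    return chain


if __name__ == "__main__":
    key = b"constructed-audit-key"
    chain = demo_chain(key)
    print(verify_chain(chain, key))
```

Verification checks sequence numbers first, then the link, the content hash and finally the signature, so the reported reason tells the investigator what kind of tampering occurred. A store that only kept plain log lines could not distinguish a missing record from one that never existed.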

Open & Extensible

Built around open standards (OIDC, SAML, SCIM, SSH, APIs) and modular components that can evolve independently.

Compliance & Standards Alignment

AEGIS is designed as a compliance-ready architecture, aligning naturally with modern security and digital resilience regulations.

Security & Risk

  • DORA – Digital Operational Resilience (EU).
  • ISO/IEC 27001 – Annex A controls for identity & access.
  • NIST SP 800-207 – Zero Trust Architecture.
  • CIS Controls v8 – Identity, access and logging.

Regulatory & National Frameworks

  • ENS (Spain) – High level for identity, access and audit.
  • PCI DSS, SOC 2, GDPR – Support via unified logging and least-privilege access.
  • Centralized evidence for internal and external audits.

Roadmap 2025–2027

AEGIS is being developed as a living architecture, with a clear roadmap and iterative maturity model.

Q4 2025 – Foundation

Architecture definition, governance model, OpenStack reference implementation, initial connectors and baseline documentation.

Q1–Q2 2026 – IAM/PAM Consolidation

INDIGO federation, XOMS lifecycle integration, JumpServer fabric baseline, consolidated identity flows for human and service accounts.

Q3–Q4 2026 – Access Fabric Expansion

Privileged session orchestration across OpenStack and on-prem, initial Azure and AWS integration, centralized audit pipeline and SIEM exports.

Q1–Q2 2027 – Multi-Cloud Governance

Full Azure and AWS connectors, cross-cloud policy unification and advanced role/governance features.

Q3–Q4 2027 – Compliance & Productization

DORA / ISO 27001 / NIST Zero Trust alignment packages, audit evidence kits, formal releases and wider community collaboration.

Documentation & Downloads

Documentation is being published progressively as the architecture evolves.

  • AEGIS Master Architecture (Technical Whitepaper) – PDF / DOCX (coming soon)
  • Executive Overview – 2-page summary for C-level (coming soon)
  • Compliance Mapping – DORA, ISO 27001, NIST 800-207, ENS (coming soon)
  • Lab Deployment Guide – How to build the AEGIS lab on a mini-DC (coming soon)
  • GitHub Repository – Architecture, scripts and examples: github.com/bcollantes/aegis-identityfabric

Contact

AEGIS Identity Fabric is an independent architectural initiative focused on secure, vendor-neutral identity and access governance.

If you are a security architect, engineer or auditor, or are exploring Zero-Trust and multi-cloud identity strategies, you can get in touch to discuss the model, potential collaborations or lab deployments.

Project Contact

Baltasar Collantes Giner

System Architect • IAM/PAM Specialist

Email: baltasar.collantesginer@gmx.es

AEGIS Identity Fabric – Research & Architecture Project.