AEGIS Identity Fabric
Unified Zero-Trust Access for hybrid and multi-cloud.
IAM and PAM convergence, independent of cloud-native IAM.
AEGIS Identity Fabric
─────────────────────
      Users / Services
             │
             ▼  SSO / MFA
       [ INDIGO IAM ]
             │  SCIM / Policy
             ▼
        [ XOMS Hub ]
             │  Access Rules
             ▼
     [ JumpServer PAM ]
             │
             ▼
   OpenStack • Azure • AWS
        On-Prem • Edge
What is AEGIS Identity Fabric?
AEGIS is an open, vendor-neutral Identity & Access Fabric designed to unify IAM and PAM under a single Zero-Trust control plane, across OpenStack, Azure, AWS and on-prem environments.
Problem
- Each cloud provides its own proprietary IAM stack.
- Privileged access is handled as a separate silo.
- Policies are duplicated and inconsistent across platforms.
- Audit trails are fragmented and difficult to interpret.
AEGIS Approach
- Single Identity & Access Fabric independent of cloud IAM.
- Converged IAM + PAM with unified governance.
- Write policies once, enforce them everywhere.
- Immutable, centralized audit for human and machine identities.
Architecture at a Glance
AEGIS integrates INDIGO IAM, XOMS and JumpServer into a unified Identity & Access Fabric sitting above OpenStack, Azure, AWS and on-prem resources.
Logical View
┌─────────────────────────────────────────┐
│      AEGIS Identity & Access Fabric     │
└─────────────────────────────────────────┘
        ▲               ▲               ▲
        │               │               │
   [ INDIGO ]       [ XOMS ]      [ JumpServer ]
   Federation     Identity Hub    Access Fabric
    SSO/MFA                       PAM / Sessions
        │               │               │
        └───────────────┼───────────────┘
                        ▼
      OpenStack • Azure • AWS • On-Prem
Core Components
- INDIGO IAM — Federation, SSO, MFA, OIDC/SAML.
- XOMS Identity Hub — Identity lifecycle, roles, policies, SCIM.
- JumpServer — Privileged sessions, vaulting, audit, connectors.
- AEGIS Fabric Logic — Policy orchestration, Zero-Trust enforcement.
- Cloud Providers — OpenStack, Azure, AWS, on-prem, treated as resource pools.
Key Capabilities
Vendor-Neutral Identity Fabric
Identity and access governance is decoupled from cloud-native IAM. AEGIS becomes the single source of truth for authentication, authorization and lifecycle.
IAM + PAM Convergence
Human, service and privileged identities follow the same governance pipeline: one policy model, one audit trail, one Zero-Trust design.
Zero-Trust Enforcement
Every access decision evaluates identity, context and policy before any resource interaction. No implicit trust, no “flat” admin networks.
Multi-Cloud Governance
OpenStack, Azure, AWS and on-prem are integrated as resource providers behind the AEGIS Fabric, not as separate identity islands.
Immutable Audit Trail
Privileged sessions are recorded, signed and centrally stored for forensics and compliance, with cloud-independent evidence.
Open & Extensible
Built around open standards (OIDC, SAML, SCIM, SSH, APIs) and modular components that can evolve independently.
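To make the Zero-Trust and audit capabilities above concrete, here is an added example (not code from AEGIS, INDIGO IAM, XOMS or JumpServer) that models one access decision in the fabric: identity claims from the federation layer, a policy table standing in for the XOMS rule set, a deny-by-default decision, and a hash-chained, HMAC-signed audit record of the kind a central evidence store would keep. The policy rules, claim names, key and session request are constructed for the example.

```python
import hashlib, hmac, json

# Constructed stand-in for the XOMS-style policy model: a request is allowed only
# if some rule matches the caller's group, the target environment and the protocol.
POLICY = [
    {"group": "ops-openstack", "env": "openstack", "protocols": {"ssh"}, "mfa": True},
    {"group": "dba", "env": "aws", "protocols": {"ssh", "rdp"}, "mfa": True},
]
AUDIT_KEY = b"constructed-lab-key"  # placeholder for a key held only by the audit service

def decide(claims, request):
    """Deny-by-default decision over identity claims + request context + policy."""
    if claims.get("exp", 0) <= request["now"]:
        return "deny", "token expired"
    for rule in POLICY:
        if rule["group"] not in claims.get("groups", []):
            continue
        if rule["env"] != request["env"] or request["protocol"] not in rule["protocols"]:
            continue
        if rule["mfa"] and "mfa" not in claims.get("amr", []):
            return "deny", "mfa required by policy"
        return "allow", f"matched group {rule['group']}"
    return "deny", "no matching rule"

def append_audit(log, claims, request, decision):
    """Append a hash-chained, HMAC-signed record; 'prev' links to the previous signature."""
    prev = log[-1]["sig"] if log else "0" * 64
    body = {"ts": request["now"], "sub": claims["sub"], "env": request["env"],
            "asset": request["asset"], "protocol": request["protocol"],
            "decision": decision[0], "reason": decision[1], "prev": prev}
    payload = json.dumps(body, sort_keys=True).encode()
    body["sig"] = hmac.new(AUDIT_KEY, payload, hashlib.sha256).hexdigest()
    log.append(body)
    return body

def verify_chain(log):
    """Recompute every signature and check the prev links; False if any record was altered."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "sig"}
        if body["prev"] != prev:
            return False
        expected = hmac.new(AUDIT_KEY, json.dumps(body, sort_keys=True).encode(),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(entry["sig"], expected):
            return False
        prev = entry["sig"]
    return True
```

A denied request is recorded with the same chain as an allowed one, so the audit trail shows policy misses, not only successful sessions.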
Ecosystem
AEGIS is evolving into a broader platform architecture: from Blueprint (design), to Identity (access), to Autonomous Operations (run).
AEGIS — Identity Fabric
Unified IAM/PAM governance and Zero-Trust enforcement across OpenStack, Azure, AWS and on-prem. Write policies once and enforce them everywhere with centralized audit evidence.
Status: active architecture & lab work
ARGOS — Autonomous Operations
Closed-loop AIOps: observability → detection → reasoning → remediation → verification. MVP starts local (simulation + scripts) and grows towards Prometheus-based production integrations.
Status: MVP design (v0.1)
DAEDALUS — LLD Automation
Automated Low-Level Design generation for Azure, OpenStack, AWS and physical/virtual environments. Inputs: HLD + inventory + requirements. Outputs: consistent LLD, checks and templates.
Status: MVP design (v0.1)
DAEDALUS (LLD) → AEGIS (IAM/PAM) → ARGOS (AIOps)
Blueprints → Identity Fabric → Autonomous Ops
ARGOS — Autonomous Resilience & Governance for Operational Systems
ARGOS is an autonomous operations framework designed to detect anomalies and execute safe remediation actions with verification and auditability.
MVP v0.1 (Local + Simulation)
- Event/metrics input: simulated dataset (Prometheus API later).
- Detection: lightweight rules + basic anomaly signals.
- Reasoning: context-driven decision proposal (LLM-assisted).
- Action engine: scripts/runbooks (restart, port/service reset).
- Verification: health checks + metrics confirmation.
- Outputs: incident report + action log (audit trail).
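The MVP loop listed above, as an added example (not ARGOS code): a simulated service stands in for the Prometheus dataset, two lightweight rules detect a port-down or high-error condition, a runbook table replaces the LLM-assisted proposal step, a simulated restart is executed, and the result is verified before an incident report with its action log is returned. When verification fails after the allowed attempts the loop stops acting and escalates, which is the failure mode a closed-loop remediator must handle. The service model, thresholds and runbook names are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class SimService:
    """Constructed simulation of a monitored service (stands in for Prometheus metrics)."""
    name: str
    port_open: bool
    error_rate: float            # fraction of failed requests
    restart_fixes: bool = True   # False models a fault a restart cannot heal
    def restart(self):
        if self.restart_fixes:
            self.port_open, self.error_rate = True, 0.0

# Lightweight detection rules: signal name -> (check, runbook to propose)
RULES = {
    "port_down": (lambda s: not s.port_open, "restart_service"),
    "high_error_rate": (lambda s: s.error_rate > 0.05, "restart_service"),
}
RUNBOOKS = {"restart_service": lambda s: s.restart()}   # action engine (scripts later)

def detect(svc):
    return [name for name, (check, _) in RULES.items() if check(svc)]

def propose(signals):
    """Decision proposal: a deterministic lookup here, where an LLM-assisted step would go."""
    return RULES[signals[0]][1] if signals else None

def healthy(svc):
    """Verification: health check + metrics confirmation."""
    return svc.port_open and svc.error_rate <= 0.05

def remediate(svc, max_attempts=1):
    """One closed-loop pass: detect -> propose -> act -> verify -> report."""
    log = []
    signals = detect(svc)
    if not signals:
        return {"service": svc.name, "status": "healthy", "signals": [], "actions": log}
    action = propose(signals)
    for attempt in range(1, max_attempts + 1):
        RUNBOOKS[action](svc)
        ok = healthy(svc)
        log.append({"attempt": attempt, "action": action, "verified": ok})
        if ok:
            return {"service": svc.name, "status": "remediated", "signals": signals, "actions": log}
    # Verification never passed: stop acting and hand the evidence to a human.
    return {"service": svc.name, "status": "escalate", "signals": signals, "actions": log}
```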
Roadmap
- v0.1 — Closed-loop remediation for services/ports (local demo).
- v0.2 — Certificate lifecycle use cases (expiry, renewal verification).
- v0.3 — Event correlation and richer context (logs/metrics).
- v0.4 — Guardrails + integration with AEGIS policies.
DAEDALUS — Dynamic Architecture & Engineering for Deployment Automation
DAEDALUS aims to automate Low-Level Design (LLD) creation from structured inputs, producing consistent technical documents and validation checklists across cloud and on-prem environments.
Inputs → Outputs
- Inputs: HLD, requirements (NFRs), inventory, connectivity needs.
- Outputs: LLD sections (networking, IAM, logging, HA/DR), matrices, and checks.
- Targets: Azure, OpenStack, AWS, physical/virtual infrastructure.
Roadmap
- v0.1 — Templates + guided generation (Markdown/DOCX).
- v0.2 — Structured model (YAML/JSON) as source of truth.
- v0.3 — Validation engine (consistency, security, compliance hints).
- v0.4 — Hooks to IaC / pipelines (optional, later).
Compliance & Standards Alignment
AEGIS is designed as a compliance-ready architecture, aligning naturally with modern security and digital resilience regulations.
Security & Risk
- DORA – Digital Operational Resilience (EU).
- ISO/IEC 27001 – Annex A controls for identity & access.
- NIST SP 800-207 – Zero Trust Architecture.
- CIS Controls v8 – Identity, access and logging.
Regulatory & National Frameworks
- ENS (Spain) – High level for identity, access and audit.
- PCI DSS, SOC 2, GDPR – Supported via unified logging and least-privilege access.
- Centralized evidence for internal and external audits.
Roadmap 2025–2027
AEGIS is being developed as a living architecture, with a clear roadmap and iterative maturity model.
Q4 2025 – Foundation
Architecture definition, governance model, OpenStack reference implementation, initial connectors and baseline documentation.
Q1–Q2 2026 – IAM/PAM Consolidation
INDIGO federation, XOMS lifecycle integration, JumpServer fabric baseline, consolidated identity flows for human and service accounts.
Q3–Q4 2026 – Access Fabric Expansion
Privileged session orchestration across OpenStack and on-prem, initial Azure and AWS integration, centralized audit pipeline and SIEM exports.
Q1–Q2 2027 – Multi-Cloud Governance
Full Azure and AWS connectors, cross-cloud policy unification and advanced role/governance features.
Q3–Q4 2027 – Compliance & Productization
DORA / ISO 27001 / NIST Zero Trust alignment packages, audit evidence kits, formal releases and wider community collaboration.
2026 – ARGOS (Autonomous Operations)
MVP closed-loop remediation (local + simulation), progressing to Prometheus-based integrations and certificate lifecycle automation for production-like scenarios.
2026 – DAEDALUS (LLD Automation)
Automated LLD generation for Azure, OpenStack, AWS and on-prem/physical environments, including templates, validation checklists and consistent technical deliverables.
2027 – Ecosystem Integration
Guardrails and policy-driven actions: DAEDALUS as design source-of-truth, AEGIS as the Identity Fabric, and ARGOS as the autonomous operations loop with audited, controlled remediation.
Documentation & Downloads
Documentation is being published progressively as the architecture evolves.
- AEGIS Master Architecture (Technical Whitepaper) – PDF / DOCX (coming soon)
- Executive Overview – 2-page summary for C-level (coming soon)
- Compliance Mapping – DORA, ISO 27001, NIST 800-207, ENS
- Lab Deployment Guide – How to build the AEGIS lab on a mini-DC (coming soon)
- GitHub Repository – Architecture, scripts and examples: github.com/bcollantes/aegis-identityfabric
Contact
AEGIS Identity Fabric is an independent architectural initiative focused on secure, vendor-neutral identity and access governance.
If you are a security architect, engineer or auditor, or are exploring Zero-Trust and multi-cloud identity strategies, you can get in touch to discuss the model, potential collaborations or lab deployments.
Project Contact
Baltasar Collantes Giner
System Architect • IAM/PAM Specialist
Email: baltasar.collantesginer@gmx.es
AEGIS Identity Fabric – Research & Architecture Project.