Statement: MidPoint Release Changes

MidPoint is an open source identity management and governance platform, that has been consistently improving for more than a decade. Each midPoint release has brought new and exciting features and improvements, setting a trend that we plan to maintain. At the same time, midPoint has become a significant software product. Since we are adding new code, it is important to deal with existing code as well, maintain it, improve it, and adapt it to changing requirements. It is natural, as new items are added that some of the old ones have to be reworked, limited, and even removed.

There are features that have become a liability rather than an asset. These are deprecated and obsolete features, things that we would like to remove, yet are still being used. Support for obsolete “generic repository” databases is one of them. It was deprecated years ago and replaced by a superior function. However, we are still being asked to continue supporting the old ways, which puts a strain on our development, QA, and engineering resources. It takes a lot of time and energy, which could be invested in improving midPoint instead.
Therefore, we have decided to make some features available only to midPoint subscribers. By removing access to such features, we are hoping to motivate users to migrate, thus allowing us to focus on features that we consider much more important.

Then there are features necessary to support huge, complex, and demanding deployments, which are expensive to develop, test, and maintain. We believe that it is fair to expect users of these features to support the additional effort necessary to keep such functionalities alive.
One such feature is clustering. In the past, it might have been considered a necessary function, especially for highly-available systems. However, the world is changing. MidPoint can reach high levels of availability even without the use of complex clustering mechanisms.

We have many good reasons to do this. First of all, the development of midPoint needs to be sustainable. We need to focus on improving midPoint, developing features that are likely to benefit a wider community, and removing distractions and obstacles that slow us down.
Secondly, there are cybersecurity regulations that are about to change the world of software development as we know it, including open source software. The Cyber Resilience Act proposed by the EU is changing the game by making software producers responsible for the security of their code. We fully support security improvements, and we are not afraid to take responsibility for the work that we are doing.
However, regulation is likely to have an impact on open source in general. We are lucky enough to have a stable source of income to fund the development of midPoint.

Yet, midPoint does not exist in a void. It relies on a number of other open source projects, libraries, development frameworks, and tools. Many of them do not have a reliable source of income. We  already contribute to the projects we are using. However, we expect that we will need to divert more time and energy to support such projects in the future. Funding of open source development is a hard and unsolved problem. Due to long-term neglect from policy-makers, combined with new regulations, some open source projects may experience difficulties or they may disappear entirely. The open source landscape is going to change forever. We need to be prepared, make sure midPoint’s development is ongoing, and ensure that both midPoint and all of its dependencies are secure.

We are fully aware that making some features of open source software only available to subscribers is a move that is likely to be regarded as controversial. However, we are making sure that the essential functionality of midPoint is freely available, and will remain so. We do not plan to limit any feature necessary to deploy midPoint in small, medium, and even some large environments. If your environment is very large and complex, or you rely on obsolete functionality, you may be impacted.
However, in such a case, we are impacted as well, including the midPoint community at large. It is only fair if we ask you to contribute to midPoint’s development.

Years ago, we promised that midPoint would remain purely an open source as long as we had something to say about it. That promise is still valid. MidPoint was, is, and will always remain an open source project. We are not removing any code, nor keeping a single line of code secret. Everything is publicly available. Our decision to make some midPoint features only available to subscribers is not meant to limit anyone. It is meant to motivate midPoint users to be fair and keep open source development sustainable for the benefit of us all.

Igor Farinic

CEO, Evolveum

Leave a Reply

Your email address will not be published.