An operating system where identity, access control, and service management are built in — not bolted on.
The problem
Identity fragmented across LDAP, PAM, and passwd files. Configuration scattered across /etc. Access control split between mode bits, ACLs, SELinux, AppArmor, and capabilities — each with its own vocabulary, its own config format, its own failure modes.
You can't bolt unified management onto this and have it feel cohesive. You have to own the stack deep enough that the seams disappear.
What Peios does differently
Every process carries a token — a rich security context with SIDs, group memberships, privileges, and integrity levels. The kernel evaluates identity on every access decision. No external auth service in the critical path.
Security descriptors protect every object — files, registry keys, processes, services. One set of concepts, one evaluation pipeline, one set of diagnostic tools. Learn it once, apply it everywhere.
Install a role — DNS, file services, certificate authority — and it works. No manual configuration. Every role participates in the identity model, the registry, and the management plane automatically.
Domain-join machines, replicate identity across sites, authenticate users across trust boundaries. Federation isn't an add-on — the identity model was designed for it from day one.
All configuration lives in one place. Group policy writes to the registry, reconcilers project to the system. No more hunting through scattered config files.
Every access decision, privilege use, and security event is auditable. The event pipeline is part of the OS, not a sidecar you bolt on after the fact.
Manage identity, services, policy, and monitoring from one web interface. Everything the CLI can do, the console can do — because they both speak the same protocol.
Architecture
Tokens, security descriptors, AccessCheck, mandatory integrity, process protection, privileges, confinement, auditing. The security model lives here.
Registry, authentication, principal store, event logging. The foundational daemons that make the system go.
CLI tools, group policy, the admin console. Every management action flows through the same identity and access control model.
DNS, DHCP, file services, certificate authority, and more. Install what you need — each role inherits identity, access control, and management for free.
Roadmap
The foundation. KACS kernel security model, peinit service manager, registry, authentication, principal store, event logging. A bootable system with the complete security model and core services.
Admin console, CLI tooling, group policy, and the first installable roles: DNS, DHCP, certificate authority, file services. The system becomes usable for real infrastructure.
Domain provisioning, multi-site replication, cross-domain trust. Machines join domains, users authenticate across sites, group policy propagates. The identity model reaches its full potential.
The full platform. Xen-based hypervisor, hardware-backed Secure Boot, DeepTrust security hardening, first-class VM management. VMs participate in the domain model as first-class citizens with their own identities and security descriptors.
Peios Learn covers the entire security model — from identity fundamentals through access control, integrity, privileges, and beyond.