[keycloak-dev] Fwd: [security-dev] Keycloak datamodel
Bill Burke
bburke at redhat.com
Tue Jul 30 08:49:08 EDT 2013
Picketlink was interested in our datamodel. Here's what I hacked based
on previous Picketlink IDM constraints.

-------- Original Message --------
Subject: [security-dev] Keycloak datamodel
Date: Tue, 30 Jul 2013 08:44:37 -0400
From: Bill Burke <bburke at redhat.com>
To: security-dev at lists.jboss.org <security-dev at lists.jboss.org>

Keycloak is a SaaS in which people can register to create their own realms.

Default Realm:

User
Roles: REALM_CREATOR
Custom RealmAdminRelationship: Attribute: realmId, Attribute: User.
RealmId points to a realm a User has created.

SSO Realms:

* A bunch of attributes for the Realm like private/public key stored in
  an Agent
* Users
* Roles
* User/RoleMapping
* Custom RequiredCredentialRelationship. Defines the credential types
  required by the realm.
* Custom ScopeRelationship. Scope is the same as role mapping, but this
  defines an OAuth grant thing. It is the roles a user is allowed to
  request permissions for. It is an Attribute of an Agent and a Role.
* Custom ResourceRelationship. A resource is an application that is
  managed by the realm. This has Attribute Agent pointing to the Agent of
  the realm, various attributes of the resource, and also a String value
  pointing to the Tier. I couldn't figure out how to have a hard
  relationship to a Tier.

Resource (maps to Tier):

* Roles
* User/RoleMapping
* ScopeRelationship

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
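
Added example, not part of the original message and not Keycloak or Picketlink code: a minimal in-memory sketch of the realm/resource layout described above, where an SSO realm and each resource carry their own roles, user/role mappings and scope. The class and method names, the sample data, and the rule that a grant is the intersection of requested roles, the user's role mappings and the agent's scope are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RoleContainer:
    """Shape shared by an SSO realm and a resource: roles, user/role mappings, scope."""
    name: str
    roles: set = field(default_factory=set)
    role_mappings: dict = field(default_factory=dict)  # user -> roles held
    scope: dict = field(default_factory=dict)          # agent -> roles it may request

    def _known(self, role):
        # Mappings and scope entries may only reference roles defined here.
        if role not in self.roles:
            raise KeyError(f"{role!r} is not a role of {self.name!r}")
        return role

    def map_role(self, user, role):
        self.role_mappings.setdefault(user, set()).add(self._known(role))

    def allow_scope(self, agent, role):
        self.scope.setdefault(agent, set()).add(self._known(role))

    def grantable(self, agent, user, requested):
        # Assumed rule: requested AND mapped to the user AND in the agent's scope.
        return (set(requested) & self.role_mappings.get(user, set())
                & self.scope.get(agent, set()))


@dataclass
class Realm(RoleContainer):
    required_credentials: set = field(default_factory=set)
    resources: dict = field(default_factory=dict)      # resource name -> RoleContainer

    def grant(self, agent, user, requested):
        """requested maps a container name (realm or resource) to the roles asked for."""
        containers = {self.name: self, **self.resources}
        return {name: containers[name].grantable(agent, user, roles)
                for name, roles in requested.items() if name in containers}


def build_sample():
    # Constructed sample data; none of these names come from the original message.
    realm = Realm("demo-realm", roles={"user", "admin"}, required_credentials={"password"})
    shop = RoleContainer("shop", roles={"buyer", "refunder"})
    realm.resources[shop.name] = shop
    for container, role in ((realm, "user"), (realm, "admin"), (shop, "buyer"), (shop, "refunder")):
        container.map_role("alice", role)
    realm.allow_scope("mobile-app", "user")   # the agent's scope is narrower than alice's roles
    shop.allow_scope("mobile-app", "buyer")
    return realm
```

In this sketch a user who holds admin and refunder still cannot pass them to an agent whose scope omits them, and a request that names an unknown resource is dropped rather than granted.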