[keycloak-dev] inter-realm trust model

Bill Burke bburke at redhat.com
Fri Dec 4 11:23:16 EST 2015


To establish trust between realms I was thinking about a simple table:

realm|trusted-realm|role

Here's some example records:

test-realm|master|manage-clients
test-realm|master|view-users

means

"test-realm" trusts the "master" realm, but they can only 
"manage-clients" and "view-users"

The "role" column would just be the name of the realm, not an id and 
would reference the "realm-management" client roles (which will be moved 
to security-admin-console client).

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

