[keycloak-dev] Authz Model Implementation
Pedro Igor Silva
psilva at redhat.com
Mon Oct 19 13:01:45 EDT 2015
Hey Arthur,
Please, take a look at this announcement [1] for more details about the merge.
[1] http://picketlink.org/news/2015/03/10/PicketLink-and-Keycloak-project-merge/
Regards.
Pedro Igor
----- Original Message -----
From: "Arthur Gregório" <arthurshakal at gmail.com>
To: "Pedro Igor Silva" <psilva at redhat.com>
Cc: "Cristhian Camilo Lopez" <calovi86 at gmail.com>, keycloak-dev at lists.jboss.org
Sent: Monday, October 19, 2015 10:45:24 AM
Subject: Re: [keycloak-dev] Authz Model Implementation
Then KC will not have a model in the style of the PL?
This means that those who used the PL hoping that everything in it was in
KC turned out to have a framework discontinued and with no more updates?
Or the PL as it exists today will continue to be developed and there will
be a plus integration with KC?
I am very confused by the merge of the projects, it appears that the
security of my system already died before were born.
at.,
*Arthur P. Gregório*
*+55 45 9958-0302*
@gregorioarthur
www.arthurgregorio.eti.br
2015-10-19 10:24 GMT-02:00 Pedro Igor Silva <psilva at redhat.com>:
> Hey Crhisthian,
>
> As Bill said, we are working on an Authz Server for Keycloak in order
> to provide fine-grained permissions. It is still a working in progress,
> although we already have a baseline for a first release which will happen
> very soon.
>
> From a migration perspective, while PL provides a rich Permission Java
> API, Keycloak will provide a distributable authorization server based on a
> RESTful API to manage resources, policies, evaluate policies, obtain
> entitlements and plus other goodies. In other words, Keycloak will become a
> PAP (Policy Administration Point), a PDP (Policy Decision Point) and a
> Entitlements Server. Everything based on OpenID Connect (and of course,
> oAuth2).
>
> As you know, Keycloak is a feature rich, OOTB and easy to use security
> as a service solution. We are considering these same premises for the authz
> server, so you can protect web apps, RESTful APIs or any other resources
> very easily. For instance, you'll be able to write policies using JBoss
> Drools, EL and easily extend your existing oAuth2 clients in order ask for
> permissions or enforce them (in case your client acts as a resource server).
>
> I'm afraid there will be no "migragration path" between PL and KC, at
> this sense. But we can work together to make this migration easier. For
> instance, we are going to provide a Protection API which can be used to
> manage resources and policies remotely.
>
> Regards.
> Pedro Igor
>
> ----- Original Message -----
> From: "Cristhian Camilo Lopez" <calovi86 at gmail.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Sunday, October 18, 2015 3:16:30 PM
> Subject: Re: [keycloak-dev] Authz Model Implementation
>
>
>
> Hi Pedro,
>
> I'm migrating from Picketlink, but I haven't found the way to use
> fine-grained permissions, Could u give me some advice on this ?
>
> Thanks,
>
> Cristhian.
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
More information about the keycloak-dev
mailing list