[keycloak-dev] Attribute-based Access Control

Duarte duarteetraud at gmail.com
Mon Apr 11 10:28:26 EDT 2016


Hi Marek, Pedro

Thank you for the replies.

Very interesting indeed, I'll surely take a look into this!! Let me know if I
can help you with anything.

Just one question before I pull this version, do you have the web interface
to manage the policies?


Cheers.

2016-04-11 14:42 GMT+01:00 Pedro Igor Silva <psilva at redhat.com>:

> Like Marek said, we are working on a new set of functionalities to leverage
> Keycloak's authorization model to also support fine-grained permissions.
>
> By fine-grained, that means you'll be able to manage your resources and
> their respective scopes and associate them with authorization policies that
> rule who, when, how access should be granted. Where these policies can be
> based on ABAC, RBAC, Context-based, etc. Some policies can be even written
> using JavaScript (which gives you great flexibility) or JBoss Drools.
>
> Right now, I'm merging that code that Marek pointed out with
> upstream/master. However, for the latest code about this stuff, please consider
> [1].
>
> I hope to get a PR this week, but feel free to take a look and try it out
> :)
>
> [1] https://github.com/pedroigor/keycloak/tree/KEYCLOAK-2753
>
> ----- Original Message -----
> From: "Marek Posolda" <mposolda at redhat.com>
> To: "Duarte" <duarteetraud at gmail.com>, keycloak-dev at lists.jboss.org
> Cc: "Pedro Igor Silva" <psilva at redhat.com>
> Sent: Monday, April 11, 2016 9:48:08 AM
> Subject: Re: [keycloak-dev] Attribute-based Access Control
>
> There is an authorization prototype by Pedro in progress. You can check it
> here https://github.com/pedroigor/keycloak-authz
>
> Marek
>
> On 09/04/16 14:45, Duarte wrote:
> > Hi,
> >
> > My name is Duarte, and this is the first post on this dev-list.
> >
> > My question is regarding Attribute-based Access Control. Is there any
> > usable feature for Attribute based decision for resource access? Or do
> > I have to make my own?
> >
> > Basically what I want to do is a PEP (Policy Enforcement Point) and a
> > PDP (Policy Decision Point) on Keycloak with external attributes
> > (Federated).
> >
> > e.g.: A user with attribute X can only access files A<->B and a user with
> > attribute Y can only access B<->L.
> >
> > Thank you.



-- 
[Never forget "Security is not a product, but a process"]