<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Some additional thoughts:<br>
* All user and realm metadata (group, roles, etc.) needs to be
referenced by a URI. URI would have a schema like this:
{provider}:{identifier}. Identifier can be anything. A keycloak
datastore would just be a primary key id, for LDAP it might be the
username, rolename, group name. You get the picture. Then a
manager service would be used to resolve the URI into an actual Model
interface. User reference URIs could point to a broker (social or
parent IDP), an LDAP store, local keycloak db, etc.<br>
* For social login and brokering you would assign a user storage
mechanism to import the user into. We would have 3 possible
built-in options, JPA or Mongo, and Infinispan clustered in-memory
cache.<br>
<br>
<div class="moz-cite-prefix">On 3/3/2016 2:09 PM, Stian Thorgersen
wrote:<br>
</div>
<blockquote
cite="mid:CAJgngAeD3uZOSmerzn-3wHVBhuiCz6ir4T3AAeYA2jk6-TzPYg@mail.gmail.com"
type="cite">
<div dir="ltr">I've written up some thoughts on improving the
model for 2.x at <a moz-do-not-send="true"
href="https://docs.google.com/a/redhat.com/document/d/1ZmPjlJYvk_fwYvnWxz1E49ioZFZa3kfYCI1xE5gVClc/pub">https://docs.google.com/a/redhat.com/document/d/1ZmPjlJYvk_fwYvnWxz1E49ioZFZa3kfYCI1xE5gVClc/pub</a>
<div><br>
</div>
</div>
<br>
<pre wrap="">_______________________________________________
keycloak-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Bill Burke
JBoss, a division of Red Hat
<a class="moz-txt-link-freetext" href="http://bill.burkecentral.com">http://bill.burkecentral.com</a></pre>
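<br>
Added example, not part of the original message and not Keycloak code: a sketch of the manager service described above, resolving a {provider}:{identifier} reference to a model interface. The names ModelUriResolver, ModelUri, UserStore and UserModel, and the provider names "keycloak" and "ldap", are hypothetical.<br>

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch: none of these types or names are Keycloak APIs.
public class ModelUriResolver {

    /** Parsed form of a {provider}:{identifier} reference. */
    record ModelUri(String provider, String identifier) {
        static ModelUri parse(String uri) {
            // Split on the first colon only: the identifier "can be anything",
            // so it may itself contain colons.
            int i = (uri == null) ? -1 : uri.indexOf(':');
            if (i <= 0 || i == uri.length() - 1) {
                throw new IllegalArgumentException("expected {provider}:{identifier}");
            }
            return new ModelUri(uri.substring(0, i), uri.substring(i + 1));
        }
    }

    interface UserModel { String getUsername(); }
    interface UserStore { Optional<UserModel> findUser(String identifier); }

    private final Map<String, UserStore> stores = new ConcurrentHashMap<>();

    void register(String provider, UserStore store) { stores.put(provider, store); }

    /** The "manager service": routes a reference to the store named by its provider. */
    Optional<UserModel> resolveUser(String uri) {
        ModelUri ref = ModelUri.parse(uri);
        UserStore store = stores.get(ref.provider());
        if (store == null) {
            // Fail closed: never fall back to another store for an unknown provider.
            throw new IllegalStateException("no store registered for provider " + ref.provider());
        }
        return store.findUser(ref.identifier());
    }

    static UserModel user(String name) { return () -> name; }

    public static void main(String[] args) {
        ModelUriResolver manager = new ModelUriResolver();
        // Constructed stand-ins for a local database and an LDAP directory.
        manager.register("keycloak", id -> id.equals("42") ? Optional.of(user("alice")) : Optional.empty());
        manager.register("ldap", id -> Optional.of(user(id)));
        System.out.println(manager.resolveUser("keycloak:42").map(UserModel::getUsername));
        System.out.println(manager.resolveUser("ldap:bob").map(UserModel::getUsername));
    }
}
```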
</body>
</html>