<div dir="ltr">Hi Marek, Pedro<div><br></div><div>Thank you for the replies.</div><div><br></div><div>Very interesting indeed, I'll surely take a look into this!! Let me know if I can help you with anything. </div><div><br></div><div>Just one question before I pull this version, do you have the web interface to manage the policies?</div><div><br></div><div><br></div><div>Cheers.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-04-11 14:42 GMT+01:00 Pedro Igor Silva <span dir="ltr"><<a href="mailto:psilva@redhat.com" target="_blank">psilva@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Like Marek said, we are working on a new set of functionalities to leverage Keycloak's authorization model to also support fine-grained permissions.<br>
<br>
By fine-grained, that means you'll be able to manage your resources and their respective scopes and associate them with authorization policies that rule who, when, how access should be granted. Where these policies can be based on ABAC, RBAC, Context-based, etc. Some policies can even be written using JavaScript (which gives you great flexibility) or JBoss Drools.<br>
<br>
Right now, I'm merging that code that Marek pointed out with upstream/master. However, for the latest code about this stuff, please consider [1].<br>
<br>
I hope to get a PR this week, but feel free to take a look and try it out :)<br>
<br>
[1] <a href="https://github.com/pedroigor/keycloak/tree/KEYCLOAK-2753" rel="noreferrer" target="_blank">https://github.com/pedroigor/keycloak/tree/KEYCLOAK-2753</a><br>
<div class="HOEnZb"><div class="h5"><br>
----- Original Message -----<br>
From: "Marek Posolda" <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>><br>
To: "Duarte" <<a href="mailto:duarteetraud@gmail.com">duarteetraud@gmail.com</a>>, <a href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
Cc: "Pedro Igor Silva" <<a href="mailto:psilva@redhat.com">psilva@redhat.com</a>><br>
Sent: Monday, April 11, 2016 9:48:08 AM<br>
Subject: Re: [keycloak-dev] Attribute-based Access Control<br>
<br>
There is an authorization prototype by Pedro in progress. You can check it<br>
here <a href="https://github.com/pedroigor/keycloak-authz" rel="noreferrer" target="_blank">https://github.com/pedroigor/keycloak-authz</a><br>
<br>
Marek<br>
<br>
On 09/04/16 14:45, Duarte wrote:<br>
> Hi,<br>
><br>
> My name is Duarte, and this is the first post on this dev-list.<br>
><br>
> My question is regarding Attribute-based Access Control. Is there any<br>
> usable feature for Attribute based decision for resource access? Or do<br>
> I have to make my own?<br>
><br>
> Basically what I want to do is a PEP (Policy Enforcement Point) and a<br>
> PDP (Policy Decision Point) on Keycloak with external attributes<br>
> (Federated).<br>
><br>
> e.g.: A user who has attribute X can only access files A<->B and a user with<br>
> attribute Y can only access B<->L.<br>
><br>
> Thank you.<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div>[Never forget "Security is not a product, but a process"]</div><div><br></div></div></div></div></div></div>
</div>