[keycloak-user] Relationship of Groups to Roles?

[Marc Boorshtein]

>
> Yes, you are on the right track.  we're always open to suggestions on how to
> model things better too.


Excellent.  I really like the separation of roles and groups.  It
creates a very clean logical break between the two.  I usually do this
with most of my deployments from a conceptual standpoint but the fact
that its built into keycloak is very nice.

>
> Also You could certainly populate group membership information in your
> tokens/saml assertions and combine the concepts of group/role.  But Keycloak
> itself has separate meanings for them.

Makes sense.  I tend to take an "all of the above" approach to
identity.  So few applications follow consistent standards that I'd
rather have several options then be forced to use just one.

>
> Also, Pedro is working a permission service based on UMA.  You should be
> seeing alphas/betas coming out soon.
>
>

Very nice.  Looking forward to it!