[keycloak-user] keycloak-quickstarts: app-authz-photoz vs. app-authz-uma-photoz

Pedro Igor Silva psilva at redhat.com
Tue Oct 23 15:57:06 EDT 2018


On Tue, Oct 23, 2018 at 3:35 PM Melissa Palmer <melissa.palmer at gmail.com>
wrote:

> Thanks Pedro,
>
> Two more things
> 1) on the app-authz-photoz it refers to and uses photoz-authz-policy but
> there is no module for photoz-authz-policy in the code base,
> is it ok then to use the one from app-authz-uma-photoz?
>

Hmm ... I thought I had removed any reference to this one. If so, it is
an issue and I'll fix it. That quickstart should not be using drools
policies ...


>
> 2) What would the advantage be to use the UMA flow?
>

You are using a standard that is more suitable if you have privacy
requirements. For instance, in UMA your client application is able to
submit "authorization requests" to resource owners so they can approve
access to others to their assets and you are allowed to manage permissions
to these "user-managed resources" via a REST API.


>
> Thanks Melissa
>
> On Tue, 23 Oct 2018 at 16:05, Pedro Igor Silva <psilva at redhat.com> wrote:
>
>> app-authz-photoz is not using UMA flow, so there is less overhead in the
>> client when obtaining RPTs (no permission ticket). Instead, it just sends
>> regular access tokens and the PEP enforces access by querying the server for
>> permissions.
>>
>> On Tue, Oct 23, 2018 at 10:46 AM Melissa Palmer <melissa.palmer at gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Please can someone let me know what is the difference between the two
>>> quick-starts
>>> app-authz-photoz vs. app-authz-uma-photoz?
>>>
>>> Thanks In Advance
>>> Melissa
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
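
The difference between the two flows discussed in this thread, as an added example that is not from the thread or from the quickstarts' code: it builds the token-endpoint request a client sends when redeeming a UMA permission ticket, next to a ticket-less permission query made with a regular access token. The realm URL, ticket, audience, resource and scope names are constructed sample values, and the helper function names are hypothetical.

```python
import re
from urllib.parse import urlencode

UMA_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"

def parse_uma_challenge(header_value):
    """Extract realm, as_uri and ticket from a 'WWW-Authenticate: UMA ...' value."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.upper() != "UMA":
        raise ValueError("not a UMA challenge: %r" % scheme)
    fields = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    missing = {"as_uri", "ticket"} - fields.keys()
    if missing:
        raise ValueError("challenge lacks %s" % sorted(missing))
    return fields

def uma_rpt_request(challenge, access_token):
    """UMA flow: the client redeems the permission ticket for an RPT."""
    fields = parse_uma_challenge(challenge)
    return {
        "as_uri": fields["as_uri"],
        "headers": {"Authorization": "Bearer " + access_token},
        "body": urlencode({"grant_type": UMA_GRANT, "ticket": fields["ticket"]}),
    }

def direct_permission_request(audience, access_token, resource, scope=None):
    """No ticket: query the server about one resource with the regular access token."""
    permission = resource + ("#" + scope if scope else "")
    return {
        "headers": {"Authorization": "Bearer " + access_token},
        "body": urlencode({"grant_type": UMA_GRANT, "audience": audience,
                           "permission": permission, "response_mode": "decision"}),
    }

# Constructed sample challenge (assumption, not taken from the quickstarts)
SAMPLE_CHALLENGE = ('UMA realm="example", '
                    'as_uri="https://sso.example.test/auth/realms/example", '
                    'ticket="constructed-ticket-123"')

if __name__ == "__main__":
    print(uma_rpt_request(SAMPLE_CHALLENGE, "constructed-access-token")["body"])
    print(direct_permission_request("example-api", "constructed-access-token",
                                    "album-1", "album:view")["body"])
```

The UMA request costs an extra round trip, because the ticket only exists after the resource server has answered the first call with a 401 challenge.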

