Re: [keycloak-dev] Introduce role attributes

We also have the same requirements but would use it mostly for role metadata. This would not be used in a token but for thinks like after assigning a role to a user sending an email to the person responsible for that role. This is required for compliance reasons. We would strongly prefer to store this data in Keycloak as custom role attributes instead of maintaining it somewhere else... Best regards, Sebastian Mit freundlichen Grüßen / Best regards Dr.-Ing. Sebastian Schuster Engineering and Support (INST/ESY1) Bosch Software Innovations GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch-si.com Tel. +49 30 726112-485 | Fax +49 30 726112-100 | Sebastian.Schuster(a)bosch-si.com Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B Aufsichtsratsvorsitzender: Dr.-Ing. Thorsten Lücke; Geschäftsführung: Dr. Stefan Ferber, Michael Hahn -----Original Message----- From: keycloak-dev-bounces(a)lists.jboss.org <keycloak-dev-bounces(a)lists.jboss.org&gt; On Behalf Of Stian Thorgersen Sent: Montag, 16. Juli 2018 20:27 To: Sebastian.Loesch(a)governikus.de Cc: keycloak-dev <keycloak-dev(a)lists.jboss.org&gt; Subject: Re: [keycloak-dev] Introduce role attributes I don't think we should add attributes to roles. It would introduce complexity and also potentially have performance/memory impacts. I also struggle to see how you would use attributes associated with roles. Are you thinking that would be mapped into the token together with the role name? On Tue, 3 Jul 2018 at 07:37, Lösch, Sebastian < Sebastian.Loesch(a)governikus.de&gt; wrote: _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev