I need to take a closer look at what Marek did around client scopes. So
far, scopes were basically associated with roles and protocol mappers and
that is not really what we need in UMA 2.0.

If scopes are now more abstract and we can remove "authorization scopes" in
authz services, I need to take a look ...

In fact, I need to review the scope parameter in the UMA grant type in order to
allow clients to push additional scopes other than those already added in a
ticket.

On Wed, Mar 14, 2018 at 10:37 AM, Schuster Sebastian (INST/ESY1) <
Sebastian.Schuster(a)bosch-si.com> wrote:
Hi,
I saw there are activities to replace client templates with client scopes.
UMA 2.0 uses the term “client scope” to determine what the OAuth client
wants to do with the granted access (e.g. this could be used to determine
the purpose of processing some data for GDPR compliance). Since Keycloak
will also support UMA 2.0, I am a little concerned this might lead to some
confusion. As you know, there are only two hard problems in computer
science: cache invalidation, naming things, and off-by-one errors. ☺ WDYT?
Best regards,
Sebastian
Dr.-Ing. Sebastian Schuster
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev