Hi Marek, Pedro
Thank you for the replies.
Very interesting indeed, I'll surely take a look into this!! Let me know if I
can help you with anything.
Just one question before I pull this version, do you have the web interface
to manage the policies?
Cheers.
2016-04-11 14:42 GMT+01:00 Pedro Igor Silva <psilva(a)redhat.com>:
Like Marek said, we are working on a new set of functionalities to leverage
Keycloak's authorization model to also support fine-grained permissions.
By fine-grained, that means you'll be able to manage your resources and
their respective scopes and associate them with authorization policies that
rule who, when, how access should be granted. These policies can be
based on ABAC, RBAC, Context-based, etc. Some policies can even be written
using JavaScript (which gives you great flexibility) or JBoss Drools.
Right now, I'm merging that code that Marek pointed out with
upstream/master. However, for the latest code about this stuff, please consider
[1].
I hope to get a PR this week, but feel free to take a look and try it out :)
[1] https://github.com/pedroigor/keycloak/tree/KEYCLOAK-2753
----- Original Message -----
From: "Marek Posolda" <mposolda(a)redhat.com>
To: "Duarte" <duarteetraud(a)gmail.com>, keycloak-dev(a)lists.jboss.org
Cc: "Pedro Igor Silva" <psilva(a)redhat.com>
Sent: Monday, April 11, 2016 9:48:08 AM
Subject: Re: [keycloak-dev] Attribute-based Access Control
There is an authorization prototype by Pedro in progress. You can check it
here:
https://github.com/pedroigor/keycloak-authz
Marek
On 09/04/16 14:45, Duarte wrote:
> Hi,
>
> My name is Duarte, and this is the first post on this dev-list.
>
> My question is regarding Attribute-based Access Control. Is there any
> usable feature for Attribute based decision for resource access? Or do
> I have to make my own?
>
> Basically what I want to do is a PEP (Policy Enforcement Point) and a
> PDP (Policy Decision Point) on Keycloak with external attributes
> (Federated).
>
> e.g.: A user who has attribute X can only access files A<->B and a user with
> attribute Y can only access B<->L.
>
> Thank you.
>