Hi Ainga,
Nice to see such interest from your part.
As you know, we don't support this specific part of UMA specs. The reason
is that we did not have much demand from the community until now.
However, to overcome the lack of claims gathering in our implementation, to
provide a solution that could help non-UMA use cases, and in order to
still allow permissions to be evaluated based on arbitrary claims, we allow
resource servers to push claims to Keycloak so policies can use these
claims to make their decisions.
I do believe that your proposal would be a great addition to Keycloak,
where these claims could be "gathered" more dynamically based on some
user-defined flow, all that managed by Keycloak. I think it is also a step
forward to step-up authentication and authorization ...
I think the most challenging part of this capability is how we configure
the flow in Keycloak, what we would provide OOTB (e.g.: ask 2-factor,
questionnaire, etc.) and how to extend Keycloak to support custom flows.
Another important aspect is related to the PCT and how to manage it
properly, and securely.
So, how to get started ... I would suggest you start implementing
something based on your requirements and use case. I can help you during
this process. Once we define this initial scope and impl we can start
discussing how to make the solution generic/flexible enough to address more
requirements.
FYI, we have this JIRA [1]. Please put your requirements and use
case there and let's start a discussion around this.
[1] https://issues.jboss.org/browse/KEYCLOAK-6868
Thanks.
Pedro Igor
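The pushed-claims mechanism Pedro describes, as an added example that is not from this thread or from Keycloak's own code: a resource server packs the claims it has gathered into the base64-encoded JSON `claim_token` that Keycloak's token endpoint accepts with the UMA ticket grant, so policies can evaluate them. The client id, audience, permission and claim values are constructed placeholders, and the small policy function at the end only stands in for the decision a Keycloak policy would make; it is not Keycloak's policy API.

```python
import base64
import json
from typing import Optional

# Constructed sample claims the resource server collected on its own
# (e.g. from its session) and wants Keycloak's policies to evaluate.
PUSHED_CLAIMS = {"organization": ["acme"], "step_up_level": ["2"]}

# Keycloak's documented identifiers for the UMA ticket grant and for a
# plain JSON claim token.
UMA_TICKET_GRANT = "urn:ietf:params:oauth:grant-type:uma-ticket"
CLAIM_TOKEN_FORMAT_JWT = "urn:ietf:params:oauth:token-type:jwt"


def encode_claim_token(claims: dict) -> str:
    """Serialize claims as compact JSON and base64-encode them, which is
    the form Keycloak expects in the claim_token parameter."""
    raw = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_claim_token(token: str) -> dict:
    """Reverse of encode_claim_token; what the authorization server sees."""
    return json.loads(base64.b64decode(token).decode("utf-8"))


def build_uma_token_request(claims: dict, client_id: str, audience: str,
                            permission: Optional[str] = None) -> dict:
    """Form fields for a token-endpoint request that pushes claims along
    with the UMA ticket grant. client_id and audience name the resource
    server's client (placeholders here); the caller adds the client
    credentials or bearer token and POSTs this as a form body."""
    form = {
        "grant_type": UMA_TICKET_GRANT,
        "client_id": client_id,
        "audience": audience,
        "claim_token": encode_claim_token(claims),
        "claim_token_format": CLAIM_TOKEN_FORMAT_JWT,
    }
    if permission:  # e.g. "Resource A#scope-a"; omitted means "all granted"
        form["permission"] = permission
    return form


def example_policy_grants(decoded_claims: dict) -> bool:
    """Stand-in for a policy decision: grant only to 'acme' members.
    Hypothetical; a real Keycloak policy reads the evaluation context."""
    return "acme" in decoded_claims.get("organization", [])
```

The decode step is also a useful check on the resource-server side: pushed claims are asserted by the resource server itself, so only push values it actually validated.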
On Wed, Nov 28, 2018 at 7:31 AM Aingaran Pillai <apillai(a)zaizi.com> wrote:
Hi,
We are looking at adding support for UMA2 interactive claims gathering flow
to Keycloak (which I assume is currently not supported). We are a
small consultancy that has implemented Keycloak extensively but never
extended it. Is this an area we can contribute developer time with some
mentoring from the community? If so, where would we get started?
Regards
Ainga
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev