[keycloak-user] Users spanning across realms

Hi As mentioned in previous post, I'm looking at how to leverage KeyCloak within the Overlord governance projects. I can see how our web UIs and REST services could be defined within a single realm, with the appropriate roles, users and user/role mappings. However if we wanted to build some apps that made use of other JBoss projects, that also used KeyCloak, but with their own realms, then how would a user be defined to use our app that may at the backend need to call services provided by other projects/realms? Wondering whether the user concept needs to be defined outside of a realm, so that it could be assigned roles within a number of realms, allowing them to access the various apps in those different domains? More of a conceptual discussion, rather than an actual problem at this stage - was more curious how it could work, as not a security expert. Regards Gary