[keycloak-dev] Simplifying realm model
Bill Burke
bburke at redhat.com
Thu Jun 18 08:47:04 EDT 2015
This would make things easier to store custom data too. It could be
extended to places where custom data could be prevalent. For example,
credential storage.
But here are the disadvantages:
* Do we have to worry about concurrency issues more though? All you
need is 2 concurrent admins modifying different settings in the realm
for one to overwrite the other. For example, one admin could be adding
a role, another could be configuring an identity provider. Sure, these
kind of concurrency issues exist now, but they are isolated because
realm model data is in different tables. Minimally, you would need some
kind of optimistic locking scheme that provided a non-cryptic error
message when there were collisions.
* Admins would never be able to modify the database directly.
On 6/18/2015 5:19 AM, Stian Thorgersen wrote:
>
>
> ----- Original Message -----
>> From: "Marek Posolda" <mposolda at redhat.com>
>> To: "Stian Thorgersen" <stian at redhat.com>, "keycloak dev" <keycloak-dev at lists.jboss.org>
>> Sent: Thursday, 18 June, 2015 10:59:42 AM
>> Subject: Re: [keycloak-dev] Simplifying realm model
>>
>> +1 to go this way for realm model. For users+userSessions I would likely
>> keep it in current form due to performance reasons, but for realm model
>> I am not seeing any issue to store it in blob as realm model doesn't
>> contain big amount of data. I am seeing just advantages and much simpler
>> migration and DB maintenance, which is currently pain.
>
> Yep, user model is much simpler in either case and isn't such a pain. We could probably clean it up a bit, but would certainly keep a proper schema for it with many tables and such.
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
More information about the keycloak-dev
mailing list