[keycloak-dev] Authz Model Implementation
Cristhian Lopez
calovi86 at gmail.com
Mon Oct 19 09:56:12 EDT 2015
Thanks for your clear answer Pedro, I understand the vision that KC is aiming to achieve and now I know what requirements I’m going to be able to cover with the KC approach.
Also, following the Arthur concerns, IMO the in-house security solutions that were built using PL are going to follow a different path from KC and will have to be maintained with resources inside the company or they can extend the SPI that will be provided by KC and this still will require a high inside resources demand.
I think KC will work for my needs and I will be interested in contributing if it’s possible. I’m looking forward to test the Authz server.
Regards,
Cristhian.
> On Oct 19, 2015, at 7:45 AM, Arthur Gregório <arthurshakal at gmail.com> wrote:
>
> Then KC will not have a model in the style of the PL?
>
> This means that those who used the PL hoping that everything in it was in KC turned out to have a framework discontinued and with no more updates?
>
> Or the PL as it exists today will continue to be developed and there will be a plus integration with KC?
>
> I am very confused by the merge of the projects, it appears that the security of my system already died before were born.
>
> at.,
>
> Arthur P. Gregório
> +55 45 9958-0302
> @gregorioarthur
> www.arthurgregorio.eti.br <http://www.arthurgregorio.eti.br/>
>
> 2015-10-19 10:24 GMT-02:00 Pedro Igor Silva <psilva at redhat.com <mailto:psilva at redhat.com>>:
> Hey Crhisthian,
>
> As Bill said, we are working on an Authz Server for Keycloak in order to provide fine-grained permissions. It is still a working in progress, although we already have a baseline for a first release which will happen very soon.
>
> From a migration perspective, while PL provides a rich Permission Java API, Keycloak will provide a distributable authorization server based on a RESTful API to manage resources, policies, evaluate policies, obtain entitlements and plus other goodies. In other words, Keycloak will become a PAP (Policy Administration Point), a PDP (Policy Decision Point) and a Entitlements Server. Everything based on OpenID Connect (and of course, oAuth2).
>
> As you know, Keycloak is a feature rich, OOTB and easy to use security as a service solution. We are considering these same premises for the authz server, so you can protect web apps, RESTful APIs or any other resources very easily. For instance, you'll be able to write policies using JBoss Drools, EL and easily extend your existing oAuth2 clients in order ask for permissions or enforce them (in case your client acts as a resource server).
>
> I'm afraid there will be no "migragration path" between PL and KC, at this sense. But we can work together to make this migration easier. For instance, we are going to provide a Protection API which can be used to manage resources and policies remotely.
>
> Regards.
> Pedro Igor
>
> ----- Original Message -----
> From: "Cristhian Camilo Lopez" <calovi86 at gmail.com <mailto:calovi86 at gmail.com>>
> To: keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> Sent: Sunday, October 18, 2015 3:16:30 PM
> Subject: Re: [keycloak-dev] Authz Model Implementation
>
>
>
> Hi Pedro,
>
> I'm migrating from Picketlink, but I haven't found the way to use fine-grained permissions, Could u give me some advice on this ?
>
> Thanks,
>
> Cristhian.
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-dev <https://lists.jboss.org/mailman/listinfo/keycloak-dev>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151019/388ee462/attachment.html
More information about the keycloak-dev
mailing list