[keycloak-dev] Attribute-based Access Control

Pedro Igor Silva psilva at redhat.com
Mon Apr 11 09:42:07 EDT 2016


Like Marek said, we are working on a new set of functionalities to leverage Keycloak's authorization model to also support fine-grained permissions.

By fine-grained, that means you'll be able to manage your resources and their respective scopes and associate them with authorization policies that rule who, when, how access should be granted. These policies can be based on ABAC, RBAC, Context-based, etc. Some policies can even be written using JavaScript (which gives you great flexibility) or JBoss Drools.

Right now, I'm merging that code that Marek pointed out with upstream/master. However, for the latest code about this stuff, please consider [1].

I hope to get a PR this week, but feel free to take a look and try it out :)

[1] https://github.com/pedroigor/keycloak/tree/KEYCLOAK-2753

----- Original Message -----
From: "Marek Posolda" <mposolda at redhat.com>
To: "Duarte" <duarteetraud at gmail.com>, keycloak-dev at lists.jboss.org
Cc: "Pedro Igor Silva" <psilva at redhat.com>
Sent: Monday, April 11, 2016 9:48:08 AM
Subject: Re: [keycloak-dev] Attribute-based Access Control

There is an authorization prototype by Pedro in progress. You can check it 
here https://github.com/pedroigor/keycloak-authz

Marek

On 09/04/16 14:45, Duarte wrote:
> Hi,
>
> My name is Duarte, and this is the first post on this dev-list.
>
> My question is regarding Attribute-based Access Control. Is there any 
> usable feature for Attribute based decision for resource access? Or do 
> I have to make my own?
>
> Basically what I want to do is a PEP (Policy Enforcement Point) and a 
> PDP (Policy Decision Point) on Keycloak with external attributes 
> (Federated).
>
> e.g.: A user with attribute X can only access files A<->B and a user with 
> attribute Y can only access B<->L.
>
> Thank you.