[keycloak-dev] Thoughts on improving the model for 2.x

Bill Burke bburke at redhat.com
Thu Mar 3 20:45:47 EST 2016


Some additional thoughts:
* All user and realm metadata (group, roles, etc.) needs to be 
referenced by a URI.  URI would have a schema like this: 
{provider}:{identifier}.  Identifier can be anything.  A keycloak 
datastore would just be a primary key id, for LDAP it might be the 
username, rolename, group name.  You get the picture.  Then a manager 
service would be used to resolve the URI into an actual Model interface.  
User reference URIs could point to a broker (social or parent IDP), an 
LDAP store, local keycloak db, etc.
* For social login and brokering you would assign a user storage 
mechanism to import the user into.  We would have 3 possible built-in 
options, JPA or Mongo, and Infinispan clustered in-memory cache.

On 3/3/2016 2:09 PM, Stian Thorgersen wrote:
> I've written up some thoughts on improving the model for 2.x at 
> https://docs.google.com/a/redhat.com/document/d/1ZmPjlJYvk_fwYvnWxz1E49ioZFZa3kfYCI1xE5gVClc/pub 

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
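
The `{provider}:{identifier}` reference and manager service proposed in the message above, as an added sketch that is not part of the original e-mail or of Keycloak's code. `ModelRef`, `ModelProvider`, `ModelManager`, the provider names and the sample stores are all hypothetical.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;

// Hypothetical names throughout; these are not Keycloak interfaces.
public class ModelUriDemo {
    /** Parsed form of a "{provider}:{identifier}" reference. */
    record ModelRef(String provider, String identifier) {
        private static final Pattern PROVIDER = Pattern.compile("[a-z][a-z0-9-]*");

        static ModelRef parse(String uri) {
            // Split on the FIRST colon only: the identifier "can be anything",
            // so an LDAP name or a username may itself contain colons.
            int sep = uri.indexOf(':');
            if (sep <= 0 || sep == uri.length() - 1)
                throw new IllegalArgumentException("expected {provider}:{identifier}");
            String provider = uri.substring(0, sep);
            if (!PROVIDER.matcher(provider).matches())
                throw new IllegalArgumentException("bad provider name");
            return new ModelRef(provider, uri.substring(sep + 1));
        }
    }

    /** One backing store (local db, LDAP, broker, ...). */
    interface ModelProvider<T> { Optional<T> lookup(String identifier); }

    /** The "manager service": resolves a reference through the named provider only. */
    static class ModelManager<T> {
        private final Map<String, ModelProvider<T>> providers = new ConcurrentHashMap<>();
        void register(String name, ModelProvider<T> p) { providers.put(name, p); }

        Optional<T> resolve(String uri) {
            ModelRef ref = ModelRef.parse(uri);
            ModelProvider<T> p = providers.get(ref.provider());
            // No fallback to another store: an unknown provider is an error, so
            // "ldap:alice" can never silently resolve to the local "alice".
            if (p == null) throw new IllegalArgumentException("unknown provider: " + ref.provider());
            return p.lookup(ref.identifier());
        }
    }

    public static void main(String[] args) {
        ModelManager<String> users = new ModelManager<>();
        // Constructed sample stores standing in for the Keycloak db and LDAP.
        users.register("keycloak", id -> Optional.ofNullable(Map.of("f3a1", "alice (local)").get(id)));
        users.register("ldap", id -> Optional.ofNullable(Map.of("uid=alice,dc=example", "alice (ldap)").get(id)));
        System.out.println(users.resolve("keycloak:f3a1"));
        System.out.println(users.resolve("ldap:uid=alice,dc=example"));
        System.out.println(users.resolve("ldap:f3a1")); // identifiers are scoped per provider
    }
}
```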
