[keycloak-user] Authorization: proof of ownership

Corentin Dupont corentin.dupont at gmail.com
Wed Nov 22 12:46:46 EST 2017


In my use case, the user can "claim" resources. But to do that, he needs to
prove that he is the rightful owner.

In practice, the user possesses objects called "sensor nodes". Those are just
little boxes with a tag on them.
The tag has a number that the user can transmit to prove that he physically
owns the object.

So my idea was to provide an endpoint able to change the owner of the
resource, based on the tag number.
Using our example, the endpoint to claim a resource could look like:

curl -X PUT http://www.example.com/api/v1/houses/MyHouse/owner -d '{
   "owner": "smith",
   "proof": "XXXXXXX"
}'

A policy would check that the proof is valid, by matching it against a
database.
If accepted, then the resource owner should be changed.

Do you think this is a good protocol?
How to write the policy to authorize the owner change at Keycloak level?
I don't see how to transmit the proof number when performing the
authorization request (with the entitlement API).
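As an added illustration of the claim step described in the post (this is example code, not from the post, from Keycloak, or from any Keycloak policy API), the sketch below shows the server-side check a claim endpoint like `PUT /houses/MyHouse/owner` would perform: the tag number is stored hashed, compared in constant time, usable only once, and guessing is limited. The `Resource` record, `register_resource`, `claim`, the in-memory `db` dictionary and the tag values are all constructed for the example; how the proof is then surfaced to a Keycloak policy is a separate question that this code does not answer.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Hypothetical limit on wrong proofs per resource before the claim is locked.
MAX_ATTEMPTS = 5


def _hash_proof(proof: str, salt: bytes) -> bytes:
    # Store only a salted slow hash of the tag number, so a leaked table of
    # resources does not hand out every tag value in clear.
    return hashlib.pbkdf2_hmac("sha256", proof.encode("utf-8"), salt, 100_000)


@dataclass
class Resource:
    name: str
    owner: Optional[str]
    salt: bytes
    proof_hash: bytes
    claimed: bool = False          # a tag can be redeemed once
    failed_attempts: int = 0       # counts wrong proofs submitted so far


def register_resource(db: Dict[str, Resource], name: str, proof: str) -> None:
    """Record a new, unowned resource together with the hash of its tag number."""
    salt = secrets.token_bytes(16)
    db[name] = Resource(name=name, owner=None, salt=salt,
                        proof_hash=_hash_proof(proof, salt))


def claim(db: Dict[str, Resource], name: str, new_owner: str,
          proof: str) -> Tuple[bool, str]:
    """Handle a claim request for `name`. Returns (accepted, reason)."""
    res = db.get(name)
    if res is None:
        return False, "unknown resource"
    if res.claimed:
        # A tag that has already transferred ownership is not valid again.
        return False, "already claimed"
    if res.failed_attempts >= MAX_ATTEMPTS:
        return False, "locked"
    # Constant-time comparison so timing does not reveal how much of the
    # submitted proof matched.
    if not hmac.compare_digest(_hash_proof(proof, res.salt), res.proof_hash):
        res.failed_attempts += 1
        return False, "invalid proof"
    # Proof accepted: transfer ownership and retire the tag.
    res.owner = new_owner
    res.claimed = True
    return True, "owner changed"


if __name__ == "__main__":
    # Constructed sample data mirroring the curl call in the post.
    store: Dict[str, Resource] = {}
    register_resource(store, "MyHouse", "XXXXXXX")
    print(claim(store, "MyHouse", "smith", "wrong-tag"))
    print(claim(store, "MyHouse", "smith", "XXXXXXX"))
    print(store["MyHouse"].owner)
```

Whatever component finally decides the request, the three properties above (hashed proof, constant-time match, single use plus an attempt limit) are what make "prove ownership by sending the tag number" safe to expose on a public endpoint.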
