[keycloak-user] [keycloak-dev] Keycloak Proxy Rename

Fox, Kevin M Kevin.Fox at pnnl.gov
Wed Aug 22 12:09:32 EDT 2018 

yeah, keycloak-envoy implies istio/envoy to me.


Still thinking proxy and oidc in the title is important. maybe not keycloak if its goal is to be not keycloak only.

Thanks,
Kevin
________________________________
From: Jan Lieskovsky [jlieskov at redhat.com]
Sent: Wednesday, August 22, 2018 1:51 AM
To: Sebastian Laskawiec
Cc: Stian Thorgersen; keycloak-dev; keycloak-user; Fox, Kevin M
Subject: Re: [keycloak-dev] [keycloak-user] Keycloak Proxy Rename

Added keycloak-envoy, keycloak-intermediary, and keycloak-mediator for the considerations there yet
(unsure though having keycloak-envoy wouldn't induce same feature expectations [thus load balancing,
fault injection etc.] with istio-envoy for those familiar with istio).

On Wed, Aug 22, 2018 at 3:52 AM, Sebastian Laskawiec <slaskawi at redhat.com<mailto:slaskawi at redhat.com>> wrote:
So if Keycloak Proxy is not an option (nor anything similar to that), I
would also stay away from anything close to the "adapter".

Therefore, +1 to Keycloak Gatekeeper (@Bruno, I changed my vote in the
Polly).

On Tue, Aug 21, 2018 at 11:58 PM Stian Thorgersen <sthorger at redhat.com<mailto:sthorger at redhat.com>>
wrote:

> Sure, proxy is the obvious name, but for reasons already mentioned by Bruno
> it's not really an option for us.
>
> It comes from the Keycloak team, so it should have the Keycloak name in it.
> I agree that doesn't automatically state it's a generic OIDC adapter, but
> I'd like to keep our name in there.
>
> >From the suggestions so far there are two I like:
>
> * Keycloak Gatekeeper - suggested by Thomas on the poll. I really like this
> and it fits nicely with Keycloak. It's also so much cooler than
> proxy/standalone/etc.
> * Keycloak Standalone Adapter
>
> On Tue, 21 Aug 2018 at 04:27, Fox, Kevin M <Kevin.Fox at pnnl.gov<mailto:Kevin.Fox at pnnl.gov>> wrote:
>
> > Coming from the outside world, I mostly searched for oidc and proxy as
> > thats what I needed. I found oauth2_proxy after a little searching, but
> > have been disappointed in how slow its releases are. Bugs aren't getting
> > fixed quickly. When I looked at keycloak-proxy initially, I didn't look
> > closer for a while as i thought is was keycloak specific.
> >
> > So, something like oidc-proxy might get you more successful hits.
> >
> > Thanks,
> > Kevin
> > ________________________________________
> > From: keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org> [
> > keycloak-user-bounces at lists.jboss.org<mailto:keycloak-user-bounces at lists.jboss.org>] on behalf of Alex Szczuczko [
> > aszczucz at redhat.com<mailto:aszczucz at redhat.com>]
> > Sent: Monday, August 20, 2018 2:04 PM
> > To: Bruno Oliveira; Hynek Mlnarik
> > Cc: keycloak-dev; keycloak-user
> > Subject: Re: [keycloak-user] Keycloak Proxy Rename
> >
> > In thinking a new name, I tried to look hard at these things:
> >
> >     1. what this software actually does.
> >
> >     2. what makes this software desirable to a user.
> >
> >     3. what "adapter" has meant for keycloak in the past.
> >
> > I'm not the best person to answer these questions, but here's what I've
> > dug up:
> >
> >     1. Accepts HTTP requests and talks with Keycloak via OIDC to see if
> >     the client it serves should treat the requests as authenticated
> >     and/or authorized.
> >
> >     2. It avoids the need to install a bit of Keycloak software into the
> >     users' applications.
> >
> >     3. According to the docs[1]: Keycloak client adapters are libraries
> >     that makes it very easy to secure applications and services with
> >     Keycloak ... our adapters easy to use and they require less
> >     boilerplate code than what is typically required by a library.
> >
> > #1 is what we've been focusing on with names like "proxy". The reasons
> > such names are dissatisfying is there is nothing unique about sitting in
> > between two endpoints and doing stuff. So, we need to look at what that
> > "stuff" means for Keycloak.
> >
> > #3 in combination with #2 tells us what this "stuff" means for Keycloak.
> > This new software is clearly not an adapter. Actually, this new software
> > accomplishes the mission of an adapter better than adapters themselves!
> >
> > Following that logic, Superadapter is my main proposal for a new name.
> > Maybe throw in OIDC (oidc-superadapter) if there's ever going to be a
> > saml-superadapter.
> >
> > Alternatively, we could focus on the lack of an adapter, with names
> > based on terms like Adapterless:
> >
> >     - AKI: Adapterless Keycloak Integrator
> >     - KOSA: Keycloak OIDC Sans-Adapter
> >     - AKOS: Adapterless Keycloak OIDC Server
> >     - KOAF: Keycloak OIDC Adapter-Free
> >     - etc...
> >
> > Alex
> >
> > [1]
> >
> https://www.keycloak.org/docs/latest/securing_apps/index.html#what-are-client-adapters
> >
> > Quoting Bruno Oliveira (2018-08-20 09:54:42)
> > > Only to give a brief context for people not aware of it. Keycloak
> > > Generic Adapter was not well accepted, because the naming is too
> > > vague. So we have to reopen this discussion and think about a better
> > > naming.
> > >
> > > During our team call today I suggested just "keycloak-adapter", which
> > > would cover the apps which don't have its own specific adapter
> > > solution.
> > >
> > > That said, maybe we should open a new poll? I just created a new one
> > > where people can vote/suggest:
> > >
> > > https://poll.ly/#/Lbww4ebG
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org<mailto:keycloak-dev at lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-user mailing list