Keycloak support for UMA 2.0
Hi All, Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented. The main features we support are: * Resource registration In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2]. We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them. While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4]. Will summarize those points and prepare the e-mail. Thanks. Pedro Igor [1] https://www.keycloak.org/docs/latest/authorization_ services/index.html#_service_user_managed_access [2] https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz- uma-photoz [3] https://www.keycloak.org/docs/latest/authorization_ services/index.html#_service_authorization_uma_policy_api [4] https://www.keycloak.org/docs/latest/authorization_ services/index.html#_service_protection_permission_api_papi
Sorry, sent the e-mail before completing it :). Please, ignore the first one. Hi All, Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented. Documentation is available here [2]. The main features we support are: * Resource registration * Permission Ticket management In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2]. We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them. While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4]. Will summarize those points and prepare the e-mail. [1] https://www.keycloak.org <https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_user_managed_access> [2] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_user_managed_access Thanks. Pedro Igor On Tue, Aug 7, 2018 at 9:14 AM, Pedro Igor Silva <psilva@redhat.com> wrote:
Hi All,
Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented.
The main features we support are:
* Resource registration
In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2].
We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them.
While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4].
Will summarize those points and prepare the e-mail.
Thanks. Pedro Igor
[1] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_user_managed_access [2] https://github.com/keycloak/keycloak-quickstarts/tree/ latest/app-authz-uma-photoz [3] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_authorization_uma_policy_api [4] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_protection_permission_api_papi
Hi All, Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented. Documentation is available here [2]. We would appreciate any feedback in order to improve our UMA 2.0 support. The main features we support are: * Resource and Permission management through Protection API * Policy enforcers (for different web containers) supporting UMA 2.0 flow * Changes to Keycloak Account Service to allow resource owners to manage permissions for their resources If you want to try it out, we have an example application (photoz) [3] that is available in our repository. Thanks and sorry for sending all these e-mails :) Regards. Pedro Igor [1] https://www.keycloak.org [2] https://www.keycloak.org/docs/latest/authorization_services/index.html#_serv... [3] https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-authz- uma-photoz Thanks. On Tue, Aug 7, 2018 at 9:17 AM, Pedro Igor Silva <psilva@redhat.com> wrote:
Sorry, sent the e-mail before completing it :). Please, ignore the first one.
Hi All,
Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented. Documentation is available here [2].
The main features we support are:
* Resource registration * Permission Ticket management
In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2].
We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them.
While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4].
Will summarize those points and prepare the e-mail.
[1] https://www.keycloak.org <https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_user_managed_access> [2] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_user_managed_access
Thanks. Pedro Igor
On Tue, Aug 7, 2018 at 9:14 AM, Pedro Igor Silva <psilva@redhat.com> wrote:
Hi All,
Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented.
The main features we support are:
* Resource registration
In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2].
We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them.
While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4].
Will summarize those points and prepare the e-mail.
Thanks. Pedro Igor
[1] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_user_managed_access [2] https://github.com/keycloak/keycloak-quickstarts/tree/la test/app-authz-uma-photoz [3] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_authorization_uma_policy_api [4] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_protection_permission_api_papi
Thanks, Pedro! *Eve Maler*Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl On Tue, Aug 7, 2018 at 5:28 AM, Pedro Igor Silva <psilva@redhat.com> wrote:
Hi All,
Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented. Documentation is available here [2].
We would appreciate any feedback in order to improve our UMA 2.0 support.
The main features we support are:
* Resource and Permission management through Protection API * Policy enforcers (for different web containers) supporting UMA 2.0 flow * Changes to Keycloak Account Service to allow resource owners to manage permissions for their resources
If you want to try it out, we have an example application (photoz) [3] that is available in our repository.
Thanks and sorry for sending all these e-mails :)
Regards. Pedro Igor
[1] https://www.keycloak.org [2] https://www.keycloak.org/docs/latest/authorization_services/ index.html#_service_user_managed_access [3] https://github.com/keycloak/keycloak-quickstarts/tree/la test/app-authz-uma-photoz
Thanks.
On Tue, Aug 7, 2018 at 9:17 AM, Pedro Igor Silva <psilva@redhat.com> wrote:
Sorry, sent the e-mail before completing it :). Please, ignore the first one.
Hi All,
Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented. Documentation is available here [2].
The main features we support are:
* Resource registration * Permission Ticket management
In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2].
We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them.
While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4].
Will summarize those points and prepare the e-mail.
[1] https://www.keycloak.org <https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_user_managed_access> [2] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_user_managed_access
Thanks. Pedro Igor
On Tue, Aug 7, 2018 at 9:14 AM, Pedro Igor Silva <psilva@redhat.com> wrote:
Hi All,
Keycloak [1] project is now supporting UMA 2.0. Except for claims gathering flow, most of the specification is implemented.
The main features we support are:
* Resource registration
In a nutshell, the only thing we don't have yet from UMA specs is claims gathering flow. Documentation is here [1]. A simple example app (photoz) using UMA can be checked here [2].
We have extended the Protection API to include a new endpoint to manage user permissions [3]. It was a result of contributions from the community in order allow RSs to associate/manage custom policies for resources while still letting users manage them.
While we don't have support for claims gathering, RSs are allowed to push claims when creating a permission ticket [4].
Will summarize those points and prepare the e-mail.
Thanks. Pedro Igor
[1] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_user_managed_access [2] https://github.com/keycloak/keycloak-quickstarts/tree/la test/app-authz-uma-photoz [3] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_authorization_uma_policy_api [4] https://www.keycloak.org/docs/latest/authorization_servi ces/index.html#_service_protection_permission_api_papi
_______________________________________________ WG-UMA mailing list WG-UMA@kantarainitiative.org https://kantarainitiative.org/mailman/listinfo/wg-uma
participants (2)
-
Eve Maler -
Pedro Igor Silva