commit
afe15d5db0
2 changed files with 4 additions and 4 deletions
|
@ -28,7 +28,7 @@ Being based on {{book.project.name}} Authentication Server, you can obtain attri
|
||||||
|
|
||||||
=== The Authorization Process
|
=== The Authorization Process
|
||||||
|
|
||||||
Two main processes define the necessary steps to understand how to use KC to enable fine-grained authorization to your applications:
|
Three main processes define the necessary steps to understand how to use KC to enable fine-grained authorization to your applications:
|
||||||
|
|
||||||
* *Resource Management*
|
* *Resource Management*
|
||||||
* *Permission and Policy Management*
|
* *Permission and Policy Management*
|
||||||
|
@ -55,7 +55,7 @@ you may want to define specific policies for _Alice Account_ (a resource instanc
|
||||||
Resources can be managed using {{book.project.name}} Administration Console or the link:../service/protection-api.html[Protection API]. In the latter case, resource servers are able to
|
Resources can be managed using {{book.project.name}} Administration Console or the link:../service/protection-api.html[Protection API]. In the latter case, resource servers are able to
|
||||||
manage their resources remotely.
|
manage their resources remotely.
|
||||||
|
|
||||||
Scopes usually represent the actions that can be performed on a resource, but they are not limited to that. You can also use scopes to represent a single or multiple attributes belonging to a resource.
|
Scopes usually represent the actions that can be performed on a resource, but they are not limited to that. You can also use scopes to represent a single or multiple attributes within a resource.
|
||||||
|
|
||||||
==== Permission and Policy Management
|
==== Permission and Policy Management
|
||||||
|
|
||||||
|
@ -138,7 +138,7 @@ For more information, see link:../service/authorization-api.html[Authorization A
|
||||||
|
|
||||||
=== Entitlement API
|
=== Entitlement API
|
||||||
|
|
||||||
The *Entitlement API* provides a 1-legged protocol to issue RPTs. Unlink the_Authorization API, the Entitlement API only expects an ID Token.
|
The *Entitlement API* provides a 1-legged protocol to issue RPTs. Unlike the_Authorization API_, the Entitlement API only expects an ID Token.
|
||||||
|
|
||||||
From this API you can obtain all the entitlements or permissions for an user (based on the resources managed by a given resource server) or just the entitlements for a set of
|
From this API you can obtain all the entitlements or permissions for an user (based on the resources managed by a given resource server) or just the entitlements for a set of
|
||||||
one or more resources.
|
one or more resources.
|
||||||
|
|
|
@ -53,7 +53,7 @@ A permission associates the object being protected and the policies that must be
|
||||||
{{book.project.name}} provides a rich platform for building from the most simple to the more complex permissions. It provides great flexibility and helps to:
|
{{book.project.name}} provides a rich platform for building from the most simple to the more complex permissions. It provides great flexibility and helps to:
|
||||||
|
|
||||||
* Reduce code refactoring and permission management costs
|
* Reduce code refactoring and permission management costs
|
||||||
* Support a more flexible security model where you can easily change
|
* Support a more flexible security model, helping you to easily adapt to changes to your security requirements
|
||||||
* Make changes at runtime given that applications only care about the resources and scopes being protect and not how they are actually protected
|
* Make changes at runtime given that applications only care about the resources and scopes being protect and not how they are actually protected
|
||||||
|
|
||||||
==== Policy
|
==== Policy
|
||||||
|
|
Loading…
Reference in a new issue