[KEYCLOAK-6529] - Resource Attributes

authorization_services/topics/policy-evaluation-api.adoc

@@ -5,8 +5,8 @@ When writing rule-based policies using JavaScript or JBoss Drools, {project_name
 
 This API consists of a few interfaces that provides you access to information such as:
 
-* The permission being requested
-* The identity that is requesting the permission, from which you can obtain claims/attributes
+* The permission being evaluated, representing both the resource and scopes being requested.
+* Obtain attributes associated with the resource being requested
 * Runtime environment and any other attribute associated with the execution context
 * Information about users such as group membership and roles
 

authorization_services/topics/resource-create.adoc

@@ -31,11 +31,21 @@ is usually the relative path used to serve these resources.
 +
 One or more scopes to associate with the resource.
 
+== Resource Attributes
+
+Resources may have attributes associated with it. These attributes can be used to provide additional information
+about a resource and to provide additional information to policies when evaluating permissions associated with a resource.
+
+Each attribute is a key and value pair where the value can be a set of one or main strings. Multiple values can be defined
+for an attribute by separating each value with a comma.
+
+
 == Typed Resources
 
 The type field of a resource can be used to group different resources together, so they can be protected using a common set of permissions.
 
 == Resource Owners
+
 Resources also have an owner. By default, resources are owned by the resource server.
 
 However, resources can also be associated with users, so you can create permissions based on the resource owner. For example, only the resource owner is allowed to delete or update a given resource.