FIWARE Keyrock is the reference implementation of the Identity Manager (IdM) Generic Enabler specification. It is based on OpenStack Horizon and Keystone.
Keyrock, together with the PEP Proxy, is responsible for the authentication and authorization processes. An application or user that wants to access a protected service authenticates with the Keyrock IdM and obtains an OAuth2 token. Carrying this token, the application or user sends its request to the protected service, where it first reaches the PEP Proxy. The PEP Proxy extracts the received token and validates it with the Keyrock IdM. If the token is valid, the application or user is granted access to the protected service; otherwise, access is denied.
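The token flow just described, as an added example that is not part of Keyrock or of this page: a minimal Python client that obtains a token from Keyrock, sends it through the PEP Proxy and interprets the proxy's answer. The endpoint path /oauth2/token, the X-Auth-Token header and the meaning of the 401/403 statuses are assumptions taken from the Keyrock and Wilma documentation; the hostnames are placeholders.

```python
"""Keyrock -> PEP Proxy flow, standard library only. Endpoint path, header name and
status meanings are assumptions from the Keyrock/Wilma docs; hostnames are placeholders."""
import base64
import json
from urllib import error, parse, request

KEYROCK_URL = "https://keyrock.example.org"  # placeholder: your Keyrock IdM
PEP_URL = "https://pep.example.org"          # placeholder: PEP Proxy in front of the backend


def token_request(client_id, client_secret, username, password):
    """OAuth2 password-grant request to Keyrock: the application proves its identity
    with HTTP Basic (client id:secret), the user's credentials go in the form body.
    Returns (url, headers, body) so the request can be inspected before sending."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = parse.urlencode({"grant_type": "password",
                            "username": username, "password": password}).encode()
    return f"{KEYROCK_URL}/oauth2/token", headers, body


def parse_token_response(raw):
    """Pull the access token out of Keyrock's JSON reply, refusing anything that is
    not a non-empty bearer token so a misconfigured IdM cannot hand back junk."""
    data = json.loads(raw)
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError(f"unexpected token response: {data!r}")
    return data["access_token"]


def classify_pep_status(status):
    """Map the PEP Proxy's answer onto the outcomes described in the text:
    2xx -> access granted; 401 -> Keyrock rejected the token (invalid/expired);
    403 -> token valid but the user's role lacks the permission."""
    if 200 <= status < 300:
        return "granted"
    if status == 401:
        return "denied: token invalid or expired"
    if status == 403:
        return "denied: token valid but no permission for this resource"
    return f"unexpected status {status}"


def call_through_pep(token, path):
    """Send the request to the protected service via the PEP Proxy (Wilma reads the
    token from X-Auth-Token) and return (outcome, response body)."""
    req = request.Request(f"{PEP_URL}{path}", headers={"X-Auth-Token": token})
    try:
        with request.urlopen(req) as resp:
            return classify_pep_status(resp.status), resp.read()
    except error.HTTPError as exc:
        return classify_pep_status(exc.code), exc.read()
```

A full run is `call_through_pep(parse_token_response(<reply to token_request(...)>), "/v2/entities")`; the two pure helpers let you check what leaves the client before any credential is sent.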
Currently, the main concepts of Keyrock are:
- Users
  - Have a registered account in Keyrock.
  - Can manage organizations and register applications.
- Organizations
  - Are groups of users that share the resources of an application (roles and permissions).
  - Users can be members or owners (owners manage the organization).
- Applications
  - Have the client role in the OAuth 2.0 architecture and request protected user data. More information can be found in the OAuth section.
  - Are able to authenticate users using their OAuth credentials (id and secret), which unequivocally identify the application.
  - Define roles and permissions to manage the authorization of users and organizations.
  - Can register a PEP Proxy to protect backends.
  - Can register IoT Agents.
More information: https://fiware-idm.readthedocs.io/en/latest/