Zero trust architecture with Keycloak
Posedio
June 12, 2024
Transcript
What's in it for me
1. Conventional vs. zero trust architecture
2. User identity vs. machine identity
3. Platform example vs. application example
4. What should I use in my project?

Hi
• Damjan Gjurovski
• Software all-rounder :)
• Set up Keycloak and zero trust in a large developer platform, worked on some Keycloak plugins

1. Conventional vs. zero trust architecture

Perimeter-based security
• Network perimeter
• DMZ and internal zone
• Trust those inside the zone
• Check all entry points

Zero trust
• Push security controls down
• Always verify authentication and authorization
• Follow the principle of least privilege

The root of trust problem
• Turtles all the way down
• Who compiles the compiler?
https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

2. User identity vs. machine identity

User identity
• User accounts
• Groups, roles, permissions bound to work roles
• Least privilege according to current task/role
https://gist.github.com/angelo-v/e0208a18d455e2e6ea3c40ad637aac53

Machine identity
• Service accounts
• Groups and permissions bound to use-case, type or network perimeter
• Least privilege is difficult

3. Platform example vs. application example

The platform
• Keycloak
• JWTs
• Identity federation
• Istio
• OAuth proxy
• OPA
• Vault
• Kubernetes
• GCP

Platform (slide with no transcribed text)

The application
• Keycloak
• OPA
• Vault
• Kubernetes

4. What should I use in my project?

This is the way
• Use Keycloak :)
• Use zero trust
• Reconsider JWTs
• Prioritize user identities
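The "always verify authentication and authorization" bullet of the zero trust slide and the Keycloak-issued JWTs of the platform and application slides meet in one place: the check every service runs itself, whether or not an Istio sidecar or an OAuth proxy sits in front of it. The following is an added example written for this page, not code from the talk or from Keycloak. It assumes the realm signs access tokens with RS256 (Keycloak's default), models the realm's JWKS as an in-memory map from `kid` to public key, and uses a locally generated RSA key in place of the realm signing key; the issuer URL and the audience name `orders-api` used in the usage note are invented. The `realm_access.roles` claim layout is Keycloak's default for realm roles.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of a Keycloak access token that an authorization decision needs.
type Claims struct {
	Iss         string `json:"iss"`
	Aud         any    `json:"aud"` // Keycloak emits a string for one audience, an array for several
	Exp         int64  `json:"exp"`
	RealmAccess struct {
		Roles []string `json:"roles"` // realm roles
	} `json:"realm_access"`
}

// Sign mints an RS256 token as a realm signing key would; it stands in for Keycloak here.
func Sign(priv *rsa.PrivateKey, kid string, c Claims) (string, error) {
	h, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	p, _ := json.Marshal(c)
	input := base64.RawURLEncoding.EncodeToString(h) + "." + base64.RawURLEncoding.EncodeToString(p)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + base64.RawURLEncoding.EncodeToString(sig), nil
}

// Verify is what every service runs on every request, gateway or not: signature against
// the key selected by kid, then issuer, audience and expiry. keys models the cached realm JWKS.
func Verify(token string, keys map[string]*rsa.PublicKey, issuer, audience string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var raw [3][]byte
	var err error
	for i, p := range parts {
		if raw[i], err = base64.RawURLEncoding.DecodeString(p); err != nil {
			return nil, fmt.Errorf("part %d: %w", i, err)
		}
	}
	var h struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if err := json.Unmarshal(raw[0], &h); err != nil {
		return nil, err
	}
	pub := keys[h.Kid]
	if h.Alg != "RS256" || pub == nil { // pin the algorithm: the token never gets to pick "none" or HMAC
		return nil, fmt.Errorf("rejected alg %q / kid %q", h.Alg, h.Kid)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], raw[2]) != nil {
		return nil, errors.New("bad signature")
	}
	var c Claims // parsed only after the signature holds
	if err := json.Unmarshal(raw[1], &c); err != nil {
		return nil, err
	}
	// A valid signature is not enough: the token must come from our realm, be meant
	// for this service (not just any client of the same realm) and still be inside exp.
	if c.Iss != issuer || !contains(audiences(c.Aud), audience) || now.Unix() >= c.Exp {
		return nil, fmt.Errorf("claims rejected: iss=%q aud=%v exp=%d", c.Iss, c.Aud, c.Exp)
	}
	return &c, nil
}

// audiences normalizes the "aud" claim to a list of strings.
func audiences(aud any) (out []string) {
	list, ok := aud.([]any)
	if !ok {
		list = []any{aud}
	}
	for _, a := range list {
		out = append(out, fmt.Sprint(a))
	}
	return out
}

func contains(list []string, want string) bool {
	for _, v := range list {
		if v == want {
			return true
		}
	}
	return false
}

// HasRole is the per-request least-privilege check layered on a verified token.
func HasRole(c *Claims, role string) bool { return contains(c.RealmAccess.Roles, role) }
```

To exercise it stand-alone, generate a key with `rsa.GenerateKey`, store its public half in the map under a `kid`, `Sign` a `Claims` value with an issuer such as the assumed `https://sso.example.internal/realms/platform` and audience `orders-api`, and hand the token to `Verify` followed by `HasRole`. In a real service the map is refreshed from the realm's `/protocol/openid-connect/certs` endpoint and the token comes from the `Authorization` header. The order matters: algorithm and key are fixed by the verifier, the signature is checked before any claim is read, and audience is checked so that a token minted for one client cannot be replayed against another service in the same realm, which is the usual gap when "reconsider JWTs" comes up in review.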
Want to keep the discussion going? Message me on LinkedIn!