Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Zero trust architecture with Keycloak
Search
Posedio
PRO
June 12, 2024
Programming
0
430
Zero trust architecture with Keycloak
Posedio
PRO
June 12, 2024
Tweet
Share
More Decks by Posedio
See All by Posedio
What is a platform?
posedio
PRO
0
46
Unsealing Vault
posedio
PRO
0
16
Modern data observability
posedio
PRO
0
16
Lost Jobs, Zombie Tasks and AirFlow Nightmares: A debugging Deep Dive
posedio
PRO
0
35
Designing Zero Trust Systems
posedio
PRO
0
29
Platform user's remorse
posedio
PRO
0
140
Go KonMari on your SQL
posedio
PRO
0
25
Rolling out digital receipts on GCP infrastructure
posedio
PRO
0
24
API First revisited - where did we take a left turn?
posedio
PRO
0
65
Other Decks in Programming
See All in Programming
CSC305 Lecture 10
javiergs
PRO
0
220
AkarengaLT vol.38
hashimoto_kei
1
110
その面倒な作業、「Dart」にやらせませんか? Flutter開発者のための業務効率化
yordgenome03
1
140
Le côté obscur des IA génératives
pascallemerrer
0
150
Webサーバーサイド言語としてのRustについて
kouyuume
0
2.7k
あなたとKaigi on Rails / Kaigi on Rails + You
shimoju
0
170
NixOS + Kubernetesで構築する自宅サーバーのすべて
ichi_h3
0
1.1k
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
350
Go言語はstack overflowの夢を見るか?
logica0419
0
500
PHPに関数型の魂を宿す〜PHP 8.5 で実現する堅牢なコードとは〜 #phpcon_hiroshima / phpcon-hiroshima-2025
shogogg
1
310
Claude CodeによるAI駆動開発の実践 〜そこから見えてきたこれからのプログラミング〜
iriikeita
0
310
AIと人間の共創開発!OSSで試行錯誤した開発スタイル
mae616
2
760
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.6k
Keith and Marios Guide to Fast Websites
keithpitt
411
23k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
YesSQL, Process and Tooling at Scale
rocio
173
14k
Side Projects
sachag
455
43k
The Art of Programming - Codeland 2020
erikaheidi
56
14k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
140
34k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.2k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
230
22k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
23
1.5k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
27k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Transcript
None
WHAT’S IN IT FOR ME 1. Conventional vs. zero trust
architecture 2. User identity vs. machine identity 3. Platform example vs. application example 4.What should I use in my project?
3 HI • Damjan Gjurovski • Software all-rounder J •
Set up Keycloak and zero trust in a large developer platform, worked on some Keycloak plugins
CONVENTIONAL VS. ZERO TRUST ARCHITECTURE 1
5 PERIMETER- BASED SECURITY • Network perimeter • DMZ and
internal zone • Trust those inside the zone • Check all entry points
6 ZERO TRUST • Push security controls down • Always
verify authentication and authorization • Follow the principle of least privilege
7 THE ROOT OF TRUST PROBLEM • Turtles all the
way down • Who compiles the compiler https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
USER IDENTITY VS. MACHINE IDENTITY 2
9 USER IDENTITY • User accounts • Groups, roles, permissions
bound to work roles • Least privilege according to current task/role https://gist.github.com/angelo-v/e0208a18d455e2e6ea3c40ad637aac53
10 MACHINE IDENTITY • Service accounts • Groups and permissions
bound to use-case, type or network perimeter • Least privilege is difficult
PLATFORM EXAMPLE VS. APPLICATION EXAMPLE 3
12 THE PLATFORM • Keycloak • JWTs • Identity federation
• Istio • OAuth proxy • OPA • Vault • Kubernetes • GCP
13 PLATFORM
14 THE APPLICATION • Keycloak • OPA • Vault •
Kubernetes
WHAT SHOULD I USE IN MY PROJECT 4
16 THIS IS THE WAY • Use Keycloak J •
Use zero trust • Reconsider JWTs • Prioritize user identities
17 WANT TO KEEP THE DISCUSSION GOING? MESSAGE ME ON
LINKEDIN!