Zero trust architecture with Keycloak
Posedio
June 12, 2024
Programming
Transcript
WHAT’S IN IT FOR ME
1. Conventional vs. zero trust architecture
2. User identity vs. machine identity
3. Platform example vs. application example
4. What should I use in my project?

HI
• Damjan Gjurovski
• Software all-rounder
• Set up Keycloak and zero trust in a large developer platform, worked on some Keycloak plugins

1. CONVENTIONAL VS. ZERO TRUST ARCHITECTURE

PERIMETER-BASED SECURITY
• Network perimeter
• DMZ and internal zone
• Trust those inside the zone
• Check all entry points

ZERO TRUST
• Push security controls down
• Always verify authentication and authorization
• Follow the principle of least privilege

THE ROOT OF TRUST PROBLEM
• Turtles all the way down
• Who compiles the compiler? https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf

2. USER IDENTITY VS. MACHINE IDENTITY

USER IDENTITY
• User accounts
• Groups, roles, permissions bound to work roles
• Least privilege according to current task/role
https://gist.github.com/angelo-v/e0208a18d455e2e6ea3c40ad637aac53

MACHINE IDENTITY
• Service accounts
• Groups and permissions bound to use-case, type or network perimeter
• Least privilege is difficult

3. PLATFORM EXAMPLE VS. APPLICATION EXAMPLE

THE PLATFORM
• Keycloak
• JWTs
• Identity federation
• Istio
• OAuth proxy
• OPA
• Vault
• Kubernetes
• GCP

PLATFORM

THE APPLICATION
• Keycloak
• OPA
• Vault
• Kubernetes

4. WHAT SHOULD I USE IN MY PROJECT

THIS IS THE WAY
• Use Keycloak
• Use zero trust
• Reconsider JWTs
• Prioritize user identities

WANT TO KEEP THE DISCUSSION GOING? MESSAGE ME ON LINKEDIN!