Commit
1 parent f8052dc, commit 7088ea7
Showing 1 changed file with 45 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
:title: Recap from Keycloak at KubeCON EU 2024 and cloudnativecon | ||
:date: 2024-03-27 | ||
:publish: false | ||
:author: Thomas Darimont | ||
|
||
After a packed week of awesome talks at https://events.linuxfoundation.org/kubecon-cloudnativecon-europe[KubeCON EU and CloudNativeCon 2024 in Paris] we’d like to share our impressions with the rest of the Keycloak community. | ||
|
||
== Keycloak and OAuth2 Token Exchange for Microservice API Security | ||
|
||
To us the presence of Keycloak in numerous presentations highlighted its importance in the cloud-native ecosystem. Notably, the talk “OAuth2 Token | ||
Exchange for Microservice API Security” by Ahmet Soormally & Letz Yaara on https://oauth.net/2/token-exchange[OAuth2 Token Exchange (RFC 8693)] underscored its application in | ||
microservice security and pinpointed areas for Keycloak's enhancement. Efforts to advance the support for Token Exchange are underway, and community feedback is | ||
invaluable. Please join the https://github.com/keycloak/keycloak/discussions/26502[discussion on the current usage of Token Exchange] to help us out. | ||
|
||
Talk https://kccnceu2024.sched.com/event/1YeLf/oauth2-token-exchange-for-microservice-api-security-ahmet-soormally-letz-yaara-tyk?iframe=no&w=100%&sidebar=yes&bg=no[slides] https://www.youtube.com/watch?v=09GhdXhiv0Q[video] | ||
|
||
== Keycloak and the Secrets of the Universe at CERN | ||
|
||
A standout moment was learning about Keycloak's role at CERN in the talk “The Hard Life of Securing a Particle Accelerator”, as shared by | ||
Antonio Nappi and Sebastian Lopienski, emphasising its contribution to securing the particle accelerator's IAM infrastructure. | ||
Keycloak supports the research for the nature of the universe, how cool is that?! | ||
|
||
Talk https://static.sched.com/hosted_files/kccnceu2024/bf/KubeConEU24_HardLifeSecAccel.pdf[slides] https://www.youtube.com/watch?v=rqDrrTKzNd8[video] | ||
|
||
== Keycloak, OpenFGA and Kubernetes Authorizer | ||
|
||
Additionally, Jonathan Whitaker's talk “Federated IAM for Kubernetes with OpenFGA” on federated IAM with OpenFGA showcased innovative | ||
approaches for managing access to Kubernetes resources through the combination of Keycloak, https://openfga.dev/[OpenFGA] and a https://kubernetes.io/docs/reference/access-authn-authz/authorization/[custom Kubernetes Authorizer Web Hook]. In particular the demonstration of temporarily elevated access to Kubernetes resources was very well received. | ||
|
||
Talk https://static.sched.com/hosted_files/kccnceu2024/0d/Federated%20IAM%20for%20Kubernetes%20with%20OpenFGA.pdf[slides] https://www.youtube.com/watch?v=UaK1EnRgrng[video] | ||
|
||
== Keycloak: The Leading Edge of AuthN and AuthZ | ||
|
||
Last but not least our session, "The Leading Edge of AuthN and AuthZ by Keycloak" presented by Takashi Norimatsu | ||
and myself, introduced the latest Keycloak advancements, including support for https://passkeys.dev[Passkeys], https://oauth.net/2.1[OAuth 2.1] , and OpenID for Verifiable Credentials (https://oauth.net/openid-for-verifiable-credentials[OpenID4VC]). As part of our talk, we demonstrated the current https://www.keycloak.org/docs/latest/server_admin/index.html#passkeys_server_administration_guide[support for Passkeys] and https://github.com/thomasdarimont/keycloak-opa-authz-demo[some integration options] with https://www.openpolicyagent.org[Open Policy Agent]. | ||
|
||
Talk https://static.sched.com/hosted_files/kccnceu2024/76/Norimatsu_KubeConEU2024_Paris.pdf[slides1] https://static.sched.com/hosted_files/kccnceu2024/91/15min_Flexible%20Authorization%20for%20Keycloak%20with%20Open%20Policy%20Agent%20Thomas%20Darimont.pdf[slides2] https://www.youtube.com/watch?v=DMwPjsG4wIM[video] | ||
|
||
== Summary | ||
|
||
Keycloak is an essential pillar of many cloud-native systems and made a significant impact at the conference, attracting thousands of Kubernetes and cloud-native professionals. | ||
|
||
The engagement and collaborative spirit of the cloud-native community were genuinely inspiring, underscoring the collective drive to enhance and innovate within this vibrant ecosystem. | ||
|
||
We're very proud and happy to be part of this fantastic community. |
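
Review bot: The `:title:` line names the event "KubeCON EU 2024 and cloudnativecon" while the opening paragraph links it as "KubeCON EU and CloudNativeCon 2024"; the event's own spelling is "KubeCon + CloudNativeCon", so use one consistent form in both places. The first "Talk" link (the sched.com slides URL under the Token Exchange section) still carries the embed query string `?iframe=no&w=100%&sidebar=yes&bg=no`, and its bare `%` is not a valid percent-escape; dropping the query string leaves a cleaner link that does not depend on how the renderer handles it. Smaller points in the same hunk: there is a stray space before the comma after the OAuth 2.1 link, the last talk title is wrapped in straight quotes while the other three use typographic quotes, and "talk “Federated IAM for Kubernetes with OpenFGA” on federated IAM with OpenFGA" says the same thing twice. The header also sets `:publish: false`; if that flag keeps the post out of the published site, confirm that is intended for this commit.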