Explore a lightweight approach to implementing and transitioning to a zero-trust network using Keycloak and NGINX in this 27-minute conference talk presented by Yoshiyuki Tabata from Hitachi, Ltd. at a Linux Foundation event. Delve into underlying technologies such as JWT validation and OAuth MTLS (RFC 8705), and gain insights into Keycloak's role in the process. Learn about security boundary transition scenarios, including changing API Gateway to NGINX Ingress Controller and shifting security boundaries to per-service and per-pod levels. Discover techniques for achieving JWT validation for east-west traffic and examine potential chokepoints in the system. The talk concludes with a discussion on caching token introspection responses as a possible solution.
Lightweight Zero-Trust Network Implementation and Transition with Keycloak and NGINX
Overview
Syllabus
Intro
Session Overview (1/3)
Underlying technology 1.JWT validation
Underlying technology 2' - OAuth MTLS (RFC 8705)
What is Keycloak?
Security boundary transition scenario
Change API Gateway to NGINX Ingress Controller
Shift security boundary to per service
Shift security boundary to per pod
How to achieve JWT validation (east-west traffic)
Where is the chokepoint?
Option A: Cache token introspection responses
Summary
Taught by
Linux Foundation
