The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon North America 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.
Please note: This schedule is automatically displayed in Central Standard Time (UTC -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
In the OWASP API Security Top 10 2023, three of the top 5 vulnerabilities include the word "authorization (authz)", authz is becoming more important for security considerations. Authz is often developed from scratch, however, along with the expanded service, the authz logic often becomes low scalability due to the increase in authz targets, attributes, and combinations. In such cases, it is common to introduce an authz service. Keycloak, an IAM OSS, also has an authz service. Keycloak has OAuth2 authz server capabilities, too, so by using the authz service, it is possible to centrally manage data related to authentication (authn) and authz. In this session, Yoshiyuki Tabata explains how to implement scalable authz using Keycloak and how to combine it with OPA to avoid Keycloak becoming SPOF and improve authz performance. Furthermore, by combining with CockroachDB, he introduces an authn and authz solution that withstands regional failures and operates in multi-cloud environments.
He's a Senior OSS Consultant at Hitachi, Ltd, responsible for IAM and API-related solutions.As an authentication and authorization expert, he has provided numerous consultations, for example designing and building API/SSO systems in various fields such as finance and public. As a... Read More →