December 14 - 15, 2021 | Virtual Event

Wednesday, December 15 • 11:00 - 11:50
Lightweight Zero-trust Network Implementation and Transition with Keycloak and NGINX - Yoshiyuki Tabata, Hitachi, Ltd.

In the world of microservices, where various services expose their APIs, it is much more difficult to define a security boundary between the public network and the private network. We therefore need to consider introducing a "zero-trust network" that secures each service independently. The technologies underlying a zero-trust network are mutual TLS and JWT validation. A zero-trust network is hard to achieve because it typically requires rich resources and architecture modification, especially when a service mesh is used. Systems that have limited resources, or whose architecture is hard to modify, need a way to implement it lightly or to transition to it smoothly from the traditional security boundary definition: something like a lightweight zero-trust network that achieves only the underlying technologies. In this presentation, Yoshiyuki Tabata proposes a "lightweight zero-trust network" that achieves mutual TLS and JWT validation using only NGINX and Keycloak, an open-source implementation of an OAuth2 authorization server that is widely used in production. He also proposes how to transition smoothly from the traditional security boundary definition to a per-service/pod definition, that is, with only minor changes to settings files. Furthermore, he tackles the chokepoint issue of the OAuth2 authorization server with OPA.

Yoshiyuki Tabata

Software Engineer, Hitachi, Ltd.
Yoshiyuki Tabata is a software engineer in the Architecture Center at Hitachi, Ltd., responsible for Authentication/Authorization and API-related solutions. As an authentication and authorization expert, he has provided numerous consultations, for example designing and building API/SSO...

Wednesday December 15, 2021 11:00 - 11:50 JST
Cloud Theater
  Cloud Native Development