SlideShare a Scribd company logo

Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production

FIWARE
FIWARE

This training camp teaches you how FIWARE technologies and iSHARE, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the development of innovative services based on data sharing and creating value out of the data they share. SMEs and Digital Innovation Hubs (DIHs) will be equipped with the necessary know-how to use the i4Trust framework for creating data spaces!

Technology
1 of 18
Download to read offline
Kong, Keyrock, Keycloak, i4Trust - Options to secure FIWARE in production Stefan Wiedemann, Technical Lead & Architect FIWARE Foundation
1 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
2 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
Role of an API-Gateway in FIWARE platforms ▪ Access control: PEP-Proxy & Policy-decision Point • Allow to control who can access what ▪ Additional requirements: • Rate-limiting? • Usage-Control? • Monitoring? API-Gateway as the central entry point can provide those capabilities 3
Role of an API-Gateway in FIWARE platforms 4
Why Kong? ▪ One of the most popular and adopted solutions in the market ▪ OpenSource(and Enterprise) Version available, maintained by a huge and active community ▪ Production ready deployment tools ▪ Plugin-support: • FIWARE specific functionality can be implemented as plugin • Supports various languages, e.g lua, go and python ▪ Plugins for the additional requirements available - Kong Hub: • Rate-limiting • Usage monitoring 5
Why Kong? 6
Running Kong ▪ Multiple solutions available: Kong - Install and run ▪ Running with Helm on OpenShift: • Kong in the FIWARE demo environment ▪ Some details about the demo environment: • Uses the official Kong Helm-Chart • Extended with support for OpenShift routes • Pre-built image from FIWARE, already including the plugins • Declarative configuration via ConfigMap • Applied via GitOps - ArgoCD 7
Kong as PEP-Proxy ▪ Plugins for using Kong as a PEP in FIWARE: • ngsi-ishare-policies to enforce iTrust compliant authz/n • Keyrock as PDP - delegate role-based decisions to Keyrock • Keycloak as PDP - delegate decisions to Keycloak • External-Authz - delegate decisions to a compliant endpoint, for example the DSBA-PDP to support Verifiable Credentials 8
General plugin configuration 9 kong: … env: … plugins: bundled,pep-plugin,ngsi-ishare-policies pluginserver_names: pep-plugin pluginserver_pep_plugin_start_cmd: "/go-plugins/pep-plugin" pluginserver_pep_plugin_query_cmd: "/go-plugins/pep-plugin -dump" … dblessConfig: configMap: kong-configmap
General plugin configuration Examples: ▪ i4Trust configuration ▪ Keyrock configuration 10 services: - host: “fiware-orion-ld” name: “orion-keyrock” port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: <PLUGIN_SPECIFIC_CONFIGURATION>
Keyrock configuration 11 # keyrock example - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keyrock authorizationendpointaddress: https://keyrock.fiware.dev/user keyrockappid: 7c902139-d4d0-461a-bb14-7fa29aa143fe - name: request-transformer config: remove: headers: - Authorization - authorization
i4Trust configuration 12 # i4Trust example - host: "fiware-orion-ld" name: "orion-i4trust" port: 1026 protocol: http routes: - name: orion-i4trust paths: - /i4trust strip_path: true plugins: - name: ngsi-ishare-policies config: access_token: header_names: - "authorization" - "Authorization" ar: identifier: "EU.EORI.NL000000004" host: "https://ar.isharetest.net" token_endpoint: "https://ar.isharetest.net/connect/token" delegation_endpoint: "https://ar.isharetest.net/delegation" satellite: identifier: "EU.EORI.NL000000000" host: "https://scheme.isharetest.net" token_endpoint: "https://scheme.isharetest.net/connect/token" trusted_list_endpoint: "https://scheme.isharetest.net/trusted_list" jws: identifier: … private_key: … x5c: …
Keycloak configuration 13 # keycloak example - host: "fiware-orion-ld" name: "orion-keycloak" port: 1026 protocol: http routes: - name: orion-keycloak paths: - /keycloak strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keycloak authorizationendpointaddress: http://fiware-keycloak:80 keycloakrealm: fiware-server keycloakclientid: orion-pep keycloakclientsecret: 978ad148-d99b-406d-83fc-578597290a79 - name: request-transformer config: remove: headers: - Authorization - authorization Keycloak Realm: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/aws/fiware /keycloak/templates/realmConfigMap.yaml
Rate-limiting ▪ Rate-limiting plugin: • https://docs.konghq.com/hub/kong-inc/rate-limiting/ • Configure per route 14 - host: "fiware-orion-ld" name: "orion-limited" port: 1026 protocol: http routes: - name: orion-limited paths: - /limited strip_path: true plugins: - name: rate-limiting config: minute: 3
Monitoring ▪ Prometheus integration: • https://docs.konghq.com/hub/kong-inc/prometheus/ • Configure per route and enable scraping 15 - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: prometheus kong: podAnnotations: prometheus.io/scrape: 'true' prometheus.io/port: '9102'
Further reading ▪ i4Trust-tutorials: https://github.com/i4Trust/tutorials ▪ UI: https://github.com/pantsel/konga ▪ Plugin development: • Lua • Go ▪ Slides: https://github.com/wistefan/presentations 16
Thank you! http://fiware.org Follow @FIWARE on Twitter

Recommended

FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE
 
FIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LDFIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LDFIWARE
 
FIWARE Training: IoT and Legacy
FIWARE Training: IoT and LegacyFIWARE Training: IoT and Legacy
FIWARE Training: IoT and LegacyFIWARE
 
FIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE
 
Session 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers ProgramSession 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers ProgramFIWARE
 
NGSI-LD IoT Agents
NGSI-LD IoT AgentsNGSI-LD IoT Agents
NGSI-LD IoT AgentsFIWARE
 
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramSession 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramFIWARE
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE
 

Recommended

FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE
 
FIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LDFIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LDFIWARE
 
FIWARE Training: IoT and Legacy
FIWARE Training: IoT and LegacyFIWARE Training: IoT and Legacy
FIWARE Training: IoT and LegacyFIWARE
 
FIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE
 
Session 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers ProgramSession 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers ProgramFIWARE
 
NGSI-LD IoT Agents
NGSI-LD IoT AgentsNGSI-LD IoT Agents
NGSI-LD IoT AgentsFIWARE
 
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramSession 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramFIWARE
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE
 
Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...FIWARE
 
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE
 
FIWARE: Managing Context Information at large scale
FIWARE: Managing Context Information at large scaleFIWARE: Managing Context Information at large scale
FIWARE: Managing Context Information at large scaleFermin Galan
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Fernando Lopez Aguilar
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)fisuda
 
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...FIWARE
 
FIWARE Wednesday Webinars - How to Design DataModels
FIWARE Wednesday Webinars - How to Design DataModelsFIWARE Wednesday Webinars - How to Design DataModels
FIWARE Wednesday Webinars - How to Design DataModelsFIWARE
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE
 
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...FIWARE
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE
 
FIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE
 
Data Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDData Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDFernando Lopez Aguilar
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE
 
OPA: The Cloud Native Policy Engine
OPA: The Cloud Native Policy EngineOPA: The Cloud Native Policy Engine
OPA: The Cloud Native Policy EngineTorin Sandall
 
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...Fermin Galan
 
OpenShift Enterprise
OpenShift EnterpriseOpenShift Enterprise
OpenShift EnterpriseAli Sadeghi Ardestani
 
FIWARE Training: Introduction to Smart Data Models
FIWARE Training: Introduction to Smart Data ModelsFIWARE Training: Introduction to Smart Data Models
FIWARE Training: Introduction to Smart Data ModelsFIWARE
 
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...FIWARE
 
How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT AgentsFernando Lopez Aguilar
 
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques VMware Tanzu
 

More Related Content

What's hot

Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...FIWARE
 
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE
 
FIWARE: Managing Context Information at large scale
FIWARE: Managing Context Information at large scaleFIWARE: Managing Context Information at large scale
FIWARE: Managing Context Information at large scaleFermin Galan
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Fernando Lopez Aguilar
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaDalton Valadares
 
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)fisuda
 
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...FIWARE
 
FIWARE Wednesday Webinars - How to Design DataModels
FIWARE Wednesday Webinars - How to Design DataModelsFIWARE Wednesday Webinars - How to Design DataModels
FIWARE Wednesday Webinars - How to Design DataModelsFIWARE
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE
 
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...FIWARE
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE
 
FIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE
 
OPA: The Cloud Native Policy Engine
OPA: The Cloud Native Policy EngineOPA: The Cloud Native Policy Engine
OPA: The Cloud Native Policy EngineTorin Sandall
 
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...Fermin Galan
 
FIWARE Training: Introduction to Smart Data Models
FIWARE Training: Introduction to Smart Data ModelsFIWARE Training: Introduction to Smart Data Models
FIWARE Training: Introduction to Smart Data ModelsFIWARE
 
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...FIWARE
 

What's hot (20)

Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...
 
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
 
FIWARE: Managing Context Information at large scale
FIWARE: Managing Context Information at large scaleFIWARE: Managing Context Information at large scale
FIWARE: Managing Context Information at large scale
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
 
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
NGSIv1 を知っている開発者向けの NGSIv2 の概要 (Orion 1.13.0対応)
 
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
 
FIWARE Wednesday Webinars - How to Design DataModels
FIWARE Wednesday Webinars - How to Design DataModelsFIWARE Wednesday Webinars - How to Design DataModels
FIWARE Wednesday Webinars - How to Design DataModels
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LD
 
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
FIWARE Wednesday Webinars - NGSI-LD and Smart Data Models: Standard Access to...
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
 
FIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE Overview
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust Marketplace
 
Data Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDData Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LD
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
 
OPA: The Cloud Native Policy Engine
OPA: The Cloud Native Policy EngineOPA: The Cloud Native Policy Engine
OPA: The Cloud Native Policy Engine
 
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
Orion Context Broker NGSI-v2 Overview for Developers That Already Know NGSI-v...
 
OpenShift Enterprise
OpenShift EnterpriseOpenShift Enterprise
OpenShift Enterprise
 
FIWARE Training: Introduction to Smart Data Models
FIWARE Training: Introduction to Smart Data ModelsFIWARE Training: Introduction to Smart Data Models
FIWARE Training: Introduction to Smart Data Models
 
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
FIWARE Wednesday Webinars - Performing Big Data Analysis Using Cosmos With Sp...
 

Similar to Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production

Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques VMware Tanzu
 
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor appsKube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor appsShikha Srivastava
 
第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会Shin Sakamoto
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWebinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWeaveworks
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best PracticeShiu-Fun Poon
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdWeaveworks
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API GatewayYohann Ciurlik
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumWeaveworks
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
Programmable infrastructure with FlyScript
Programmable infrastructure with FlyScriptProgrammable infrastructure with FlyScript
Programmable infrastructure with FlyScriptRiverbed Technology
 
Apache NiFi SDLC Improvements
Apache NiFi SDLC ImprovementsApache NiFi SDLC Improvements
Apache NiFi SDLC ImprovementsBryan Bende
 
What's New in NGINX Plus R10?
What's New in NGINX Plus R10?What's New in NGINX Plus R10?
What's New in NGINX Plus R10?NGINX, Inc.
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap VMworld
 
How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git Perforce
 

Similar to Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production (20)

How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
 
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
 
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor appsKube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
 
第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWebinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
 
Cncf microservices security
Cncf microservices securityCncf microservices security
Cncf microservices security
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
 
Externalized Spring Boot App Configuration
Externalized Spring Boot App ConfigurationExternalized Spring Boot App Configuration
Externalized Spring Boot App Configuration
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and Linkerd
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and Cilium
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
Programmable infrastructure with FlyScript
Programmable infrastructure with FlyScriptProgrammable infrastructure with FlyScript
Programmable infrastructure with FlyScript
 
Apache NiFi SDLC Improvements
Apache NiFi SDLC ImprovementsApache NiFi SDLC Improvements
Apache NiFi SDLC Improvements
 
What's New in NGINX Plus R10?
What's New in NGINX Plus R10?What's New in NGINX Plus R10?
What's New in NGINX Plus R10?
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...
 
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
 
How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git
 

More from FIWARE

Behm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxBehm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxFIWARE
 
Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdfFIWARE
 
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxChristoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxFIWARE
 
Behm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxBehm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxFIWARE
 
Evangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxEvangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxFIWARE
 
Lukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxLukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxFIWARE
 
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxPierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxFIWARE
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxFIWARE
 
Ulrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxUlrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxFIWARE
 
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxAleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxFIWARE
 
Water Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfWater Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfFIWARE
 
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxCameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxFIWARE
 
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFIWARE
 
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxBoris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxFIWARE
 
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....FIWARE
 
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfAbdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfFIWARE
 
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFIWARE
 
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxHTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxFIWARE
 
WE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxWE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxFIWARE
 
EU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxEU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxFIWARE
 

More from FIWARE (20)

Behm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxBehm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptx
 
Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf
 
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxChristoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
 
Behm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxBehm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptx
 
Evangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxEvangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptx
 
Lukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxLukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptx
 
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxPierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
 
Ulrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxUlrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptx
 
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxAleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
 
Water Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfWater Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdf
 
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxCameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
 
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
 
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxBoris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
 
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
 
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfAbdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
 
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
 
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxHTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
 
WE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxWE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptx
 
EU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxEU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptx
 

Recently uploaded

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production

  • 1. Kong, Keyrock, Keycloak, i4Trust - Options to secure FIWARE in production Stefan Wiedemann, Technical Lead & Architect FIWARE Foundation
  • 2. 1 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
  • 3. 2 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
  • 4. Role of an API-Gateway in FIWARE platforms ▪ Access control: PEP-Proxy & Policy-decision Point • Allow to control who can access what ▪ Additional requirements: • Rate-limiting? • Usage-Control? • Monitoring? API-Gateway as the central entry point can provide those capabilities 3
  • 5. Role of an API-Gateway in FIWARE platforms 4
  • 6. Why Kong? ▪ One of the most popular and adopted solutions in the market ▪ OpenSource(and Enterprise) Version available, maintained by a huge and active community ▪ Production ready deployment tools ▪ Plugin-support: • FIWARE specific functionality can be implemented as plugin • Supports various languages, e.g lua, go and python ▪ Plugins for the additional requirements available - Kong Hub: • Rate-limiting • Usage monitoring 5
  • 8. Running Kong ▪ Multiple solutions available: Kong - Install and run ▪ Running with Helm on OpenShift: • Kong in the FIWARE demo environment ▪ Some details about the demo environment: • Uses the official Kong Helm-Chart • Extended with support for OpenShift routes • Pre-built image from FIWARE, already including the plugins • Declarative configuration via ConfigMap • Applied via GitOps - ArgoCD 7
  • 9. Kong as PEP-Proxy ▪ Plugins for using Kong as a PEP in FIWARE: • ngsi-ishare-policies to enforce iTrust compliant authz/n • Keyrock as PDP - delegate role-based decisions to Keyrock • Keycloak as PDP - delegate decisions to Keycloak • External-Authz - delegate decisions to a compliant endpoint, for example the DSBA-PDP to support Verifiable Credentials 8
  • 10. General plugin configuration 9 kong: … env: … plugins: bundled,pep-plugin,ngsi-ishare-policies pluginserver_names: pep-plugin pluginserver_pep_plugin_start_cmd: "/go-plugins/pep-plugin" pluginserver_pep_plugin_query_cmd: "/go-plugins/pep-plugin -dump" … dblessConfig: configMap: kong-configmap
  • 11. General plugin configuration Examples: ▪ i4Trust configuration ▪ Keyrock configuration 10 services: - host: “fiware-orion-ld” name: “orion-keyrock” port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: <PLUGIN_SPECIFIC_CONFIGURATION>
  • 12. Keyrock configuration 11 # keyrock example - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keyrock authorizationendpointaddress: https://keyrock.fiware.dev/user keyrockappid: 7c902139-d4d0-461a-bb14-7fa29aa143fe - name: request-transformer config: remove: headers: - Authorization - authorization
  • 13. i4Trust configuration 12 # i4Trust example - host: "fiware-orion-ld" name: "orion-i4trust" port: 1026 protocol: http routes: - name: orion-i4trust paths: - /i4trust strip_path: true plugins: - name: ngsi-ishare-policies config: access_token: header_names: - "authorization" - "Authorization" ar: identifier: "EU.EORI.NL000000004" host: "https://ar.isharetest.net" token_endpoint: "https://ar.isharetest.net/connect/token" delegation_endpoint: "https://ar.isharetest.net/delegation" satellite: identifier: "EU.EORI.NL000000000" host: "https://scheme.isharetest.net" token_endpoint: "https://scheme.isharetest.net/connect/token" trusted_list_endpoint: "https://scheme.isharetest.net/trusted_list" jws: identifier: … private_key: … x5c: …
  • 14. Keycloak configuration 13 # keycloak example - host: "fiware-orion-ld" name: "orion-keycloak" port: 1026 protocol: http routes: - name: orion-keycloak paths: - /keycloak strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keycloak authorizationendpointaddress: http://fiware-keycloak:80 keycloakrealm: fiware-server keycloakclientid: orion-pep keycloakclientsecret: 978ad148-d99b-406d-83fc-578597290a79 - name: request-transformer config: remove: headers: - Authorization - authorization Keycloak Realm: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/aws/fiware /keycloak/templates/realmConfigMap.yaml
  • 15. Rate-limiting ▪ Rate-limiting plugin: • https://docs.konghq.com/hub/kong-inc/rate-limiting/ • Configure per route 14 - host: "fiware-orion-ld" name: "orion-limited" port: 1026 protocol: http routes: - name: orion-limited paths: - /limited strip_path: true plugins: - name: rate-limiting config: minute: 3
  • 16. Monitoring ▪ Prometheus integration: • https://docs.konghq.com/hub/kong-inc/prometheus/ • Configure per route and enable scraping 15 - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: prometheus kong: podAnnotations: prometheus.io/scrape: 'true' prometheus.io/port: '9102'
  • 17. Further reading ▪ i4Trust-tutorials: https://github.com/i4Trust/tutorials ▪ UI: https://github.com/pantsel/konga ▪ Plugin development: • Lua • Go ▪ Slides: https://github.com/wistefan/presentations 16