SlideShare a Scribd company logo

Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production

FIWARE
FIWARE

This training camp teaches you how FIWARE technologies and iSHARE, brought together under the umbrella of the i4Trust initiative, can be combined to provide the means for creation of data spaces in which multiple organizations can exchange digital twin data in a trusted and efficient manner, collaborating in the development of innovative services based on data sharing and creating value out of the data they share. SMEs and Digital Innovation Hubs (DIHs) will be equipped with the necessary know-how to use the i4Trust framework for creating data spaces!

Technology
1 of 18
Download to read offline
Kong, Keyrock, Keycloak, i4Trust - Options to secure FIWARE in production Stefan Wiedemann, Technical Lead & Architect FIWARE Foundation
1 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
2 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
Role of an API-Gateway in FIWARE platforms ▪ Access control: PEP-Proxy & Policy-decision Point • Allow to control who can access what ▪ Additional requirements: • Rate-limiting? • Usage-Control? • Monitoring? API-Gateway as the central entry point can provide those capabilities 3
Role of an API-Gateway in FIWARE platforms 4
Why Kong? ▪ One of the most popular and adopted solutions in the market ▪ OpenSource(and Enterprise) Version available, maintained by a huge and active community ▪ Production ready deployment tools ▪ Plugin-support: • FIWARE specific functionality can be implemented as plugin • Supports various languages, e.g lua, go and python ▪ Plugins for the additional requirements available - Kong Hub: • Rate-limiting • Usage monitoring 5
Why Kong? 6
Running Kong ▪ Multiple solutions available: Kong - Install and run ▪ Running with Helm on OpenShift: • Kong in the FIWARE demo environment ▪ Some details about the demo environment: • Uses the official Kong Helm-Chart • Extended with support for OpenShift routes • Pre-built image from FIWARE, already including the plugins • Declarative configuration via ConfigMap • Applied via GitOps - ArgoCD 7
Kong as PEP-Proxy ▪ Plugins for using Kong as a PEP in FIWARE: • ngsi-ishare-policies to enforce iTrust compliant authz/n • Keyrock as PDP - delegate role-based decisions to Keyrock • Keycloak as PDP - delegate decisions to Keycloak • External-Authz - delegate decisions to a compliant endpoint, for example the DSBA-PDP to support Verifiable Credentials 8
General plugin configuration 9 kong: … env: … plugins: bundled,pep-plugin,ngsi-ishare-policies pluginserver_names: pep-plugin pluginserver_pep_plugin_start_cmd: "/go-plugins/pep-plugin" pluginserver_pep_plugin_query_cmd: "/go-plugins/pep-plugin -dump" … dblessConfig: configMap: kong-configmap
General plugin configuration Examples: ▪ i4Trust configuration ▪ Keyrock configuration 10 services: - host: “fiware-orion-ld” name: “orion-keyrock” port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: <PLUGIN_SPECIFIC_CONFIGURATION>
Keyrock configuration 11 # keyrock example - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keyrock authorizationendpointaddress: https://keyrock.fiware.dev/user keyrockappid: 7c902139-d4d0-461a-bb14-7fa29aa143fe - name: request-transformer config: remove: headers: - Authorization - authorization
i4Trust configuration 12 # i4Trust example - host: "fiware-orion-ld" name: "orion-i4trust" port: 1026 protocol: http routes: - name: orion-i4trust paths: - /i4trust strip_path: true plugins: - name: ngsi-ishare-policies config: access_token: header_names: - "authorization" - "Authorization" ar: identifier: "EU.EORI.NL000000004" host: "https://ar.isharetest.net" token_endpoint: "https://ar.isharetest.net/connect/token" delegation_endpoint: "https://ar.isharetest.net/delegation" satellite: identifier: "EU.EORI.NL000000000" host: "https://scheme.isharetest.net" token_endpoint: "https://scheme.isharetest.net/connect/token" trusted_list_endpoint: "https://scheme.isharetest.net/trusted_list" jws: identifier: … private_key: … x5c: …
Keycloak configuration 13 # keycloak example - host: "fiware-orion-ld" name: "orion-keycloak" port: 1026 protocol: http routes: - name: orion-keycloak paths: - /keycloak strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keycloak authorizationendpointaddress: http://fiware-keycloak:80 keycloakrealm: fiware-server keycloakclientid: orion-pep keycloakclientsecret: 978ad148-d99b-406d-83fc-578597290a79 - name: request-transformer config: remove: headers: - Authorization - authorization Keycloak Realm: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/aws/fiware /keycloak/templates/realmConfigMap.yaml
Rate-limiting ▪ Rate-limiting plugin: • https://docs.konghq.com/hub/kong-inc/rate-limiting/ • Configure per route 14 - host: "fiware-orion-ld" name: "orion-limited" port: 1026 protocol: http routes: - name: orion-limited paths: - /limited strip_path: true plugins: - name: rate-limiting config: minute: 3
Monitoring ▪ Prometheus integration: • https://docs.konghq.com/hub/kong-inc/prometheus/ • Configure per route and enable scraping 15 - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: prometheus kong: podAnnotations: prometheus.io/scrape: 'true' prometheus.io/port: '9102'
Further reading ▪ i4Trust-tutorials: https://github.com/i4Trust/tutorials ▪ UI: https://github.com/pantsel/konga ▪ Plugin development: • Lua • Go ▪ Slides: https://github.com/wistefan/presentations 16
Thank you! http://fiware.org Follow @FIWARE on Twitter

Recommended

Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
FIWARE
 
FIWARE Training: IoT and Legacy
FIWARE Training: IoT and LegacyFIWARE Training: IoT and Legacy
FIWARE Training: IoT and Legacy
FIWARE
 
Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...
Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...
Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...
FIWARE
 
FIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LDFIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE
 
Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...
FIWARE
 
Session 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers ProgramSession 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers Program
FIWARE
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
FIWARE
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LD
FIWARE
 

Recommended

Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...Session 4 - Bringing the pieces together - Detailed review of a reference ex...
Session 4 - Bringing the pieces together - Detailed review of a reference ex...
FIWARE
 
FIWARE Training: IoT and Legacy
FIWARE Training: IoT and LegacyFIWARE Training: IoT and Legacy
FIWARE Training: IoT and Legacy
FIWARE
 
Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...
Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...
Session 1 - Introduction to i4Trust Data Spaces, building blocks, and roles |...
FIWARE
 
FIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LDFIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE Wednesday Webinars - Introduction to NGSI-LD
FIWARE
 
Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...Session 3 - i4Trust components for Identity Management and Access Control i4T...
Session 3 - i4Trust components for Identity Management and Access Control i4T...
FIWARE
 
Session 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers ProgramSession 5 - NGSI-LD Advanced Operations | Train the Trainers Program
Session 5 - NGSI-LD Advanced Operations | Train the Trainers Program
FIWARE
 
FIWARE Training: API Umbrella
FIWARE Training: API UmbrellaFIWARE Training: API Umbrella
FIWARE Training: API Umbrella
FIWARE
 
FIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LDFIWARE Training: JSON-LD and NGSI-LD
FIWARE Training: JSON-LD and NGSI-LD
FIWARE
 
FIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE Overview
FIWARE
 
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE
 
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramSession 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
FIWARE
 
Session 8 - Creating Data Processing Services | Train the Trainers Program
Session 8 - Creating Data Processing Services | Train the Trainers ProgramSession 8 - Creating Data Processing Services | Train the Trainers Program
Session 8 - Creating Data Processing Services | Train the Trainers Program
FIWARE
 
Big Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWAREBig Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWARE
Fernando Lopez Aguilar
 
FIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced Operations
FIWARE
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)
Fernando Lopez Aguilar
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
Dalton Valadares
 
FIWARE Wednesday Webinars - Core Context Management
FIWARE Wednesday Webinars - Core Context ManagementFIWARE Wednesday Webinars - Core Context Management
FIWARE Wednesday Webinars - Core Context Management
FIWARE
 
A short introduction to Canis Major
A short introduction to Canis MajorA short introduction to Canis Major
A short introduction to Canis Major
FIWARE
 
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWAREFIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their Cloud
Torin Sandall
 
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Apigee | Google Cloud
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE PerseoCreating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Fernando Lopez Aguilar
 
Fiware overview
Fiware overviewFiware overview
Fiware overview
Joaquín Salvachúa
 
i4Trust IAM Components
i4Trust IAM Componentsi4Trust IAM Components
i4Trust IAM Components
FIWARE
 
Architecture for the API-enterprise
Architecture for the API-enterpriseArchitecture for the API-enterprise
Architecture for the API-enterprise
Apigee | Google Cloud
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
SmartBear
 
How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
Fernando Lopez Aguilar
 
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
VMware Tanzu
 

More Related Content

What's hot

FIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE Overview
FIWARE
 
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE
 
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramSession 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
FIWARE
 
Session 8 - Creating Data Processing Services | Train the Trainers Program
Session 8 - Creating Data Processing Services | Train the Trainers ProgramSession 8 - Creating Data Processing Services | Train the Trainers Program
Session 8 - Creating Data Processing Services | Train the Trainers Program
FIWARE
 
Big Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWAREBig Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWARE
Fernando Lopez Aguilar
 
FIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced Operations
FIWARE
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)
Fernando Lopez Aguilar
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
Dalton Valadares
 
FIWARE Wednesday Webinars - Core Context Management
FIWARE Wednesday Webinars - Core Context ManagementFIWARE Wednesday Webinars - Core Context Management
FIWARE Wednesday Webinars - Core Context Management
FIWARE
 
A short introduction to Canis Major
A short introduction to Canis MajorA short introduction to Canis Major
A short introduction to Canis Major
FIWARE
 
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWAREFIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their Cloud
Torin Sandall
 
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Apigee | Google Cloud
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE PerseoCreating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Fernando Lopez Aguilar
 
Fiware overview
Fiware overviewFiware overview
Fiware overview
Joaquín Salvachúa
 
i4Trust IAM Components
i4Trust IAM Componentsi4Trust IAM Components
i4Trust IAM Components
FIWARE
 
Architecture for the API-enterprise
Architecture for the API-enterpriseArchitecture for the API-enterprise
Architecture for the API-enterprise
Apigee | Google Cloud
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
SmartBear
 

What's hot (20)

FIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE OverviewFIWARE Wednesday Webinars - FIWARE Overview
FIWARE Wednesday Webinars - FIWARE Overview
 
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
FIWARE Global Summit - The Scorpio NGSI-LD Broker: Features and Supported Arc...
 
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers ProgramSession 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
Session 2 - NGSI-LD primer & Smart Data Models | Train the Trainers Program
 
Session 8 - Creating Data Processing Services | Train the Trainers Program
Session 8 - Creating Data Processing Services | Train the Trainers ProgramSession 8 - Creating Data Processing Services | Train the Trainers Program
Session 8 - Creating Data Processing Services | Train the Trainers Program
 
Big Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWAREBig Data and Machine Learning with FIWARE
Big Data and Machine Learning with FIWARE
 
FIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced OperationsFIWARE Training: NGSI-LD Advanced Operations
FIWARE Training: NGSI-LD Advanced Operations
 
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked DataFIWARE Global Summit - NGSI-LD - NGSI with Linked Data
FIWARE Global Summit - NGSI-LD - NGSI with Linked Data
 
Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)Data persistency (draco, cygnus, sth comet, quantum leap)
Data persistency (draco, cygnus, sth comet, quantum leap)
 
Integrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and WilmaIntegrating Fiware Orion, Keyrock and Wilma
Integrating Fiware Orion, Keyrock and Wilma
 
FIWARE Wednesday Webinars - Core Context Management
FIWARE Wednesday Webinars - Core Context ManagementFIWARE Wednesday Webinars - Core Context Management
FIWARE Wednesday Webinars - Core Context Management
 
A short introduction to Canis Major
A short introduction to Canis MajorA short introduction to Canis Major
A short introduction to Canis Major
 
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWAREFIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
FIWARE Wednesday Webinars - Architecting Your Smart Solution Powered by FIWARE
 
FIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust MarketplaceFIWARE Training: FIWARE Training: i4Trust Marketplace
FIWARE Training: FIWARE Training: i4Trust Marketplace
 
How Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their CloudHow Netflix Is Solving Authorization Across Their Cloud
How Netflix Is Solving Authorization Across Their Cloud
 
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWSAdvanced Security Extensions in Apigee Edge: JWT, JWE, JWS
Advanced Security Extensions in Apigee Edge: JWT, JWE, JWS
 
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE PerseoCreating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
Creating a Context-Aware solution, Complex Event Processing with FIWARE Perseo
 
Fiware overview
Fiware overviewFiware overview
Fiware overview
 
i4Trust IAM Components
i4Trust IAM Componentsi4Trust IAM Components
i4Trust IAM Components
 
Architecture for the API-enterprise
Architecture for the API-enterpriseArchitecture for the API-enterprise
Architecture for the API-enterprise
 
Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1Introducing OpenAPI Version 3.1
Introducing OpenAPI Version 3.1
 

Similar to Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production

How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
Fernando Lopez Aguilar
 
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
VMware Tanzu
 
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor appsKube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
Shikha Srivastava
 
第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会
Shin Sakamoto
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWebinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Weaveworks
 
Cncf microservices security
Cncf microservices securityCncf microservices security
Cncf microservices security
Leonardo Gonçalves
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
Shiu-Fun Poon
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE
 
Externalized Spring Boot App Configuration
Externalized Spring Boot App ConfigurationExternalized Spring Boot App Configuration
Externalized Spring Boot App Configuration
Haufe-Lexware GmbH & Co KG
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
ForgeRock
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
Yohann Ciurlik
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and Cilium
Weaveworks
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
ForgeRock
 
Programmable infrastructure with FlyScript
Programmable infrastructure with FlyScriptProgrammable infrastructure with FlyScript
Programmable infrastructure with FlyScript
Riverbed Technology
 
Apache NiFi SDLC Improvements
Apache NiFi SDLC ImprovementsApache NiFi SDLC Improvements
Apache NiFi SDLC Improvements
Bryan Bende
 
What's New in NGINX Plus R10?
What's New in NGINX Plus R10?What's New in NGINX Plus R10?
What's New in NGINX Plus R10?
NGINX, Inc.
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...solarisyourep
 
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld
 
How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git
Perforce
 

Similar to Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production (20)

How to debug IoT Agents
How to debug IoT AgentsHow to debug IoT Agents
How to debug IoT Agents
 
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
Re-Platforming Legacy .Net Applications to PCF Using Modernized Techniques
 
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor appsKube con china_2019_7 missing factors for your production-quality 12-factor apps
Kube con china_2019_7 missing factors for your production-quality 12-factor apps
 
第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会第1回福岡SoftLayer勉強会
第1回福岡SoftLayer勉強会
 
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for YouWebinar: Capabilities, Confidence and Community – What Flux GA Means for You
Webinar: Capabilities, Confidence and Community – What Flux GA Means for You
 
Cncf microservices security
Cncf microservices securityCncf microservices security
Cncf microservices security
 
APIConnect Security Best Practice
APIConnect Security Best PracticeAPIConnect Security Best Practice
APIConnect Security Best Practice
 
FIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT AgentsFIWARE Wednesday Webinars - How to Debug IoT Agents
FIWARE Wednesday Webinars - How to Debug IoT Agents
 
Externalized Spring Boot App Configuration
Externalized Spring Boot App ConfigurationExternalized Spring Boot App Configuration
Externalized Spring Boot App Configuration
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and Linkerd
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
Introduction to Kong API Gateway
Introduction to Kong API GatewayIntroduction to Kong API Gateway
Introduction to Kong API Gateway
 
Robust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and CiliumRobust Network Security and Observability with GitOps and Cilium
Robust Network Security and Observability with GitOps and Cilium
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
Programmable infrastructure with FlyScript
Programmable infrastructure with FlyScriptProgrammable infrastructure with FlyScript
Programmable infrastructure with FlyScript
 
Apache NiFi SDLC Improvements
Apache NiFi SDLC ImprovementsApache NiFi SDLC Improvements
Apache NiFi SDLC Improvements
 
What's New in NGINX Plus R10?
What's New in NGINX Plus R10?What's New in NGINX Plus R10?
What's New in NGINX Plus R10?
 
Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...Presentation network design and security for your v mware view deployment w...
Presentation network design and security for your v mware view deployment w...
 
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
VMworld 2013: Failsafe at PCIe Level: Enabling PCIe Hot Swap
 
How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git How to Achieve 80% Faster Builds and DevOps at Scale With Git
How to Achieve 80% Faster Builds and DevOps at Scale With Git
 

More from FIWARE

Behm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxBehm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptx
FIWARE
 
Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf
FIWARE
 
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxChristoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
FIWARE
 
Behm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxBehm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptx
FIWARE
 
Evangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxEvangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptx
FIWARE
 
Lukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxLukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptx
FIWARE
 
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxPierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
FIWARE
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
FIWARE
 
Ulrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxUlrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptx
FIWARE
 
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxAleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
FIWARE
 
Water Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfWater Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdf
FIWARE
 
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxCameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
FIWARE
 
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FIWARE
 
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxBoris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
FIWARE
 
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
FIWARE
 
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfAbdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
FIWARE
 
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FIWARE
 
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxHTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
FIWARE
 
WE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxWE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptx
FIWARE
 
EU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxEU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptx
FIWARE
 

More from FIWARE (20)

Behm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptxBehm_Herne_NeMo_akt.pptx
Behm_Herne_NeMo_akt.pptx
 
Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf Katharina Hogrebe Herne Digital Days.pdf
Katharina Hogrebe Herne Digital Days.pdf
 
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptxChristoph Mertens_IDSA_Introduction to Data Spaces.pptx
Christoph Mertens_IDSA_Introduction to Data Spaces.pptx
 
Behm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptxBehm_Herne_NeMo.pptx
Behm_Herne_NeMo.pptx
 
Evangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptxEvangelists + iHubs Promo Slides.pptx
Evangelists + iHubs Promo Slides.pptx
 
Lukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptxLukas Künzel Smart City Operating System.pptx
Lukas Künzel Smart City Operating System.pptx
 
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptxPierre Golz Der Transformationsprozess im Konzern Stadt.pptx
Pierre Golz Der Transformationsprozess im Konzern Stadt.pptx
 
Dennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptxDennis Wendland_The i4Trust Collaboration Programme.pptx
Dennis Wendland_The i4Trust Collaboration Programme.pptx
 
Ulrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptxUlrich Ahle_FIWARE.pptx
Ulrich Ahle_FIWARE.pptx
 
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptxAleksandar Vrglevski _FIWARE DACH_OSIH.pptx
Aleksandar Vrglevski _FIWARE DACH_OSIH.pptx
 
Water Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdfWater Quality - Lukas Kuenzel.pdf
Water Quality - Lukas Kuenzel.pdf
 
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptxCameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
Cameron Brooks_FGS23_FIWARE Summit_Keynote_Cameron.pptx
 
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptxFiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
FiWareSummit.msGIS-Data-to-Value.2023.06.12.pptx
 
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptxBoris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
Boris Otto_FGS2023_Opening- EU Innovations from Data_PUB_V1_BOt.pptx
 
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
Bjoern de Vidts_FGS23_Opening_athumi - bjord de vidts - personal data spaces....
 
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdfAbdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
Abdulrahman Ibrahim_FGS23 Opening - Abdulrahman Ibrahim.pdf
 
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdfFGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
FGS2023_Opening_Red Hat Keynote Andrea Battaglia.pdf
 
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptxHTAG_Skalierung_Plattform_lokal_final_versand.pptx
HTAG_Skalierung_Plattform_lokal_final_versand.pptx
 
WE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptxWE_LoRaWAN _ IoT.pptx
WE_LoRaWAN _ IoT.pptx
 
EU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptxEU Opp_Clara Pezuela - German chapter.pptx
EU Opp_Clara Pezuela - German chapter.pptx
 

Recently uploaded

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

Kong, Keyrock, Keycloak, i4Trust - Options to Secure FIWARE in Production

  • 1. Kong, Keyrock, Keycloak, i4Trust - Options to secure FIWARE in production Stefan Wiedemann, Technical Lead & Architect FIWARE Foundation
  • 2. 1 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
  • 3. 2 Role of an API-Gateway in FIWARE platforms ▪ Context Broker as the central component ▪ Contacted: • from different external actors • from different internal actors • with different loads ▪ No “self-defense” mechanism We need a component to protect the platform
  • 4. Role of an API-Gateway in FIWARE platforms ▪ Access control: PEP-Proxy & Policy-decision Point • Allow to control who can access what ▪ Additional requirements: • Rate-limiting? • Usage-Control? • Monitoring? API-Gateway as the central entry point can provide those capabilities 3
  • 5. Role of an API-Gateway in FIWARE platforms 4
  • 6. Why Kong? ▪ One of the most popular and adopted solutions in the market ▪ OpenSource(and Enterprise) Version available, maintained by a huge and active community ▪ Production ready deployment tools ▪ Plugin-support: • FIWARE specific functionality can be implemented as plugin • Supports various languages, e.g lua, go and python ▪ Plugins for the additional requirements available - Kong Hub: • Rate-limiting • Usage monitoring 5
  • 8. Running Kong ▪ Multiple solutions available: Kong - Install and run ▪ Running with Helm on OpenShift: • Kong in the FIWARE demo environment ▪ Some details about the demo environment: • Uses the official Kong Helm-Chart • Extended with support for OpenShift routes • Pre-built image from FIWARE, already including the plugins • Declarative configuration via ConfigMap • Applied via GitOps - ArgoCD 7
  • 9. Kong as PEP-Proxy ▪ Plugins for using Kong as a PEP in FIWARE: • ngsi-ishare-policies to enforce iTrust compliant authz/n • Keyrock as PDP - delegate role-based decisions to Keyrock • Keycloak as PDP - delegate decisions to Keycloak • External-Authz - delegate decisions to a compliant endpoint, for example the DSBA-PDP to support Verifiable Credentials 8
  • 10. General plugin configuration 9 kong: … env: … plugins: bundled,pep-plugin,ngsi-ishare-policies pluginserver_names: pep-plugin pluginserver_pep_plugin_start_cmd: "/go-plugins/pep-plugin" pluginserver_pep_plugin_query_cmd: "/go-plugins/pep-plugin -dump" … dblessConfig: configMap: kong-configmap
  • 11. General plugin configuration Examples: ▪ i4Trust configuration ▪ Keyrock configuration 10 services: - host: “fiware-orion-ld” name: “orion-keyrock” port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: <PLUGIN_SPECIFIC_CONFIGURATION>
  • 12. Keyrock configuration 11 # keyrock example - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keyrock authorizationendpointaddress: https://keyrock.fiware.dev/user keyrockappid: 7c902139-d4d0-461a-bb14-7fa29aa143fe - name: request-transformer config: remove: headers: - Authorization - authorization
  • 13. i4Trust configuration 12 # i4Trust example - host: "fiware-orion-ld" name: "orion-i4trust" port: 1026 protocol: http routes: - name: orion-i4trust paths: - /i4trust strip_path: true plugins: - name: ngsi-ishare-policies config: access_token: header_names: - "authorization" - "Authorization" ar: identifier: "EU.EORI.NL000000004" host: "https://ar.isharetest.net" token_endpoint: "https://ar.isharetest.net/connect/token" delegation_endpoint: "https://ar.isharetest.net/delegation" satellite: identifier: "EU.EORI.NL000000000" host: "https://scheme.isharetest.net" token_endpoint: "https://scheme.isharetest.net/connect/token" trusted_list_endpoint: "https://scheme.isharetest.net/trusted_list" jws: identifier: … private_key: … x5c: …
  • 14. Keycloak configuration 13 # keycloak example - host: "fiware-orion-ld" name: "orion-keycloak" port: 1026 protocol: http routes: - name: orion-keycloak paths: - /keycloak strip_path: true plugins: - name: pep-plugin config: authorizationendpointtype: Keycloak authorizationendpointaddress: http://fiware-keycloak:80 keycloakrealm: fiware-server keycloakclientid: orion-pep keycloakclientsecret: 978ad148-d99b-406d-83fc-578597290a79 - name: request-transformer config: remove: headers: - Authorization - authorization Keycloak Realm: https://github.com/FIWARE-Ops/fiware-gitops/blob/master/aws/fiware /keycloak/templates/realmConfigMap.yaml
  • 15. Rate-limiting ▪ Rate-limiting plugin: • https://docs.konghq.com/hub/kong-inc/rate-limiting/ • Configure per route 14 - host: "fiware-orion-ld" name: "orion-limited" port: 1026 protocol: http routes: - name: orion-limited paths: - /limited strip_path: true plugins: - name: rate-limiting config: minute: 3
  • 16. Monitoring ▪ Prometheus integration: • https://docs.konghq.com/hub/kong-inc/prometheus/ • Configure per route and enable scraping 15 - host: "fiware-orion-ld" name: "orion-keyrock" port: 1026 protocol: http routes: - name: orion-keyrock paths: - /keyrock strip_path: true plugins: - name: prometheus kong: podAnnotations: prometheus.io/scrape: 'true' prometheus.io/port: '9102'
  • 17. Further reading ▪ i4Trust-tutorials: https://github.com/i4Trust/tutorials ▪ UI: https://github.com/pantsel/konga ▪ Plugin development: • Lua • Go ▪ Slides: https://github.com/wistefan/presentations 16