Tagged articles
23 articles
ByteDance SE Lab
Apr 15, 2026 · Information Security

Why Traditional IAM Fails for Agentic AI and How New Identity Frameworks Secure OpenClaw

The rapid rise of autonomous AI agents like OpenClaw exposes severe security gaps—over‑privileged access, unauthenticated public instances, and one‑click RCE—forcing a rethink of identity‑centric IAM designs that can protect agents through propagation, secretless auth, context awareness, and intent‑aware authorization.

AI security, Agentic AI, IAM
0 likes · 15 min read
IT Architects Alliance
Dec 10, 2025 · Information Security

How to Build a Zero Trust Security Architecture: Principles, Code Samples, and Step‑by‑Step Guide

This article explains why traditional perimeter security fails in modern distributed environments and presents a comprehensive zero‑trust model, covering core design principles, technical implementation layers, practical YAML and Python examples, phased rollout strategies, technology choices, common challenges, and future trends.

IAM, Network Policy, Zero Trust
0 likes · 10 min read
Linux Ops Smart Journey
Nov 3, 2025 · Cloud Native

How to Build a Production-Ready High-Availability Keycloak Cluster

Learn step‑by‑step how to design and deploy a production‑grade, high‑availability Keycloak cluster using external databases, distributed session management with Infinispan, HAProxy reverse proxy, TLS termination, and Docker‑Compose orchestration, ensuring scalability, fault tolerance, and secure identity management for cloud‑native applications.

Cloud Native, DevOps, Docker Compose
0 likes · 8 min read
Ops Development & AI Practice
Oct 29, 2025 · Information Security

Why AssumeRole Beats GetSessionToken: Deep Dive into AWS IAM Security

The article explains the fundamental security differences between AWS GetSessionToken and AssumeRole, illustrating how AssumeRole shifts from a holder‑to‑borrower model, enables privilege de‑escalation, separation of duties, fine‑grained audit, and discusses the challenges of enumerating assumable roles and strengthening trust policies with MFA, IP and time constraints.

AWS, AssumeRole, IAM
0 likes · 9 min read
Ops Development & AI Practice
Jun 28, 2025 · Information Security

Why Assuming AWS Roles Beats Direct Permissions: A Security Deep Dive

The article explains how using AWS AssumeRole for temporary, scoped credentials transforms static access keys into dynamic, short‑lived permissions, dramatically reducing attack windows, enforcing least‑privilege, simplifying cross‑account management, and improving auditability compared to granting permanent IAM user rights.

AWS, AssumeRole, Cloud Native
0 likes · 8 min read
Ops Development & AI Practice
Jun 28, 2025 · Information Security

Mastering AWS Temporary Credentials: Securely Assume IAM Roles

This guide explains why long‑lived IAM user keys are risky, introduces IAM roles and temporary security credentials, details trust and permissions policies, and provides step‑by‑step commands and profile configurations for safely using AWS STS assume‑role in production environments.

AWS, AssumeRole, IAM
0 likes · 8 min read
Ops Development & AI Practice
Jun 14, 2025 · Information Security

Designing a Resilient Zero‑Trust Security Architecture on AWS for Small Ops Teams

This article outlines a comprehensive, financial‑grade security blueprint for a three‑person operations team using AWS services such as IAM, Secrets Manager, Session Manager, GuardDuty, and WAF, emphasizing Zero Trust, Least Privilege, and Defense‑in‑Depth to protect against external attacks, internal risks, and to enable clear audit trails for incident investigation.

AWS, IAM, Operations
0 likes · 13 min read
DevOps
Oct 7, 2023 · Information Security

Best Practices for User and Permission Management in DevOps/SRE

This article outlines essential DevOps/SRE best practices for user and permission management, including creating individual accounts, dedicated service accounts, minimizing privileged access, using roles, rotating credentials, applying the principle of least privilege, separating environment permissions, enforcing strong passwords, multi‑factor authentication, and enabling audit logging.

IAM, Security, User Management
0 likes · 26 min read
Architects Research Society
Jun 15, 2023 · Information Security

Understanding Federated Identity Management: Concepts, Roles, Benefits, and Use Cases

Federated identity management enables users to access multiple applications across trusted domains using a single digital identity, detailing its core roles, benefits, inbound/outbound federation, account linking, just‑in‑time provisioning, home‑realm discovery, and its use as an IAM transition strategy.

IAM, Security, Single Sign-On
0 likes · 15 min read
Java Architecture Diary
Mar 13, 2023 · Information Security

Why MaxKey Stands Out as a Leading Open-Source SSO Solution

MaxKey is an open-source, Apache-licensed SSO platform that supports major authentication protocols, offers extensive login methods, provides multi-tenant IAM features, and includes detailed Linux deployment steps with code snippets and interface screenshots, making it a comprehensive solution for enterprise identity management.

Authentication, IAM, Java
0 likes · 6 min read
AntTech
Jun 21, 2022 · Information Security

Zero Trust Security Model and Technical Architecture for Ant Financial Office

This article examines the evolution from traditional perimeter‑based security to zero‑trust models, compares their advantages, presents industry case studies, and details Ant Financial’s integrated zero‑trust architecture—including SDP, IAM, and micro‑segmentation—along with implementation practices and future outlook.

IAM, Micro Segmentation, SDP
0 likes · 17 min read
Zhongtong Tech
Jan 4, 2022 · Information Security

Why VPN Is Giving Way to SDP: A Deep Dive into Zero‑Trust Architecture

This article explains how traditional VPNs are being replaced by Software‑Defined Perimeter (SDP) solutions, detailing the underlying protocols, encryption methods, SOCKS5 proxy integration, custom DNS handling, IAM integration, and the ZFE gateway architecture that together enable a zero‑trust network for modern enterprises.

IAM, SDP, SOCKS5
0 likes · 22 min read
IT Architects Alliance
Jun 19, 2021 · Operations

Reference Architecture for Digital Transformation Platforms

The article outlines a comprehensive reference architecture for digital transformation platforms, detailing typical organizational contexts, desired outcomes, and key components such as integration layers, API gateways, IAM, BPM, observability, multi‑region deployment, and development practices to enable seamless, secure, and scalable business services.

Digital Transformation, IAM, Integration
0 likes · 10 min read
Tencent Cloud Developer
Mar 29, 2021 · Information Security

What Is Zero Trust? Benefits, Technologies, and Deployment Guide

This article explains the Zero Trust security model, its advantages over traditional perimeter defenses, core technologies such as SDP, IAM, and micro‑segmentation, implementation principles, essential components, real‑world deployment scenarios, future trends, and Tencent's practical contributions to the industry.

IAM, SDP, Zero Trust
0 likes · 16 min read
Efficient Ops
Jul 18, 2019 · Information Security

How DevOps Can Tackle the Growing Wave of Cloud Security Challenges

The article summarizes Chen Weijia’s DevOps International Summit talk on confronting expanding cloud security threats, covering DevSecOps practices, code scanning tools, encryption strategies, permission segmentation, and unified identity management to balance efficiency and security in modern software delivery.

DevSecOps, IAM, ci/cd
0 likes · 13 min read
Zhongtong Tech
Dec 7, 2018 · Information Security

Designing a Cloud‑Native IAM for Zero‑Trust Security at a Leading Courier

This article explains how ZTO Express built a cloud‑native Identity and Access Management platform to support zero‑trust security, detailing business‑driven risk challenges, design goals, core modules such as identity space, account system, organization support, integration, authorization, micro‑service security, certificate management, automated auditing, and a mobile app.

Cloud Native, IAM, Identity Management
0 likes · 17 min read
Beike Product & Technology
Sep 30, 2017 · Information Security

Design and Implementation of OpenIAM: A Cloud Identity and Access Management Service Inspired by AWS IAM

The article describes the challenges of resource isolation and permission management in a microservice environment, explains AWS IAM concepts and policies, and details the design, development, and expected benefits of the internally built OpenIAM service for unified authentication and authorization across services.

AWS, Access Management, IAM
0 likes · 9 min read