Identity and Access Management
Reduce attack surface or keep compatibility: lessons of sudo-rs and run0 transition plans
1. Februar 2026
13:35 – 13:55 In Kalender übernehmen
13:35 – 13:55 In Kalender übernehmen
H.2214
<p>An ongoing effort to reduce potential attack surface on privileged components of system administration by rewriting them in modern programming languages or introducing new components creates additional problems as well. The system management at scale requires centralization of the access controls, yet most of the new tools do not have such capabilities or don't really concern with such use cases.</p>
<p>In this talk we'd reflect on our experience of supporting large organizations relying on the infrastructure provided by FreeIPA and SSSD.</p>
Weitere Infos
| Live Stream | https://live.fosdem.org/watch/h2214 |
|---|---|
| Format | devroom |
| Sprache | Englisch |
Weitere Sessions
| 01.02.26 |
<p>Welcome to the devroom, rules and initial setup.</p>
|
| 01.02.26 |
<p>As security threats become more sophisticated, the need for efficient, real-time communication between identity providers and relying parties is essential. The Shared Signals Framework (SSF) and related specifications such as CAEP and RISC address this challenge by providing a standardised way for systems to exchange security related signals, such as session revocations, credential breaches, and other identity-related incidents, in a secure and scalable manner. This talk introduces the Shared ...
|
| 01.02.26 |
<p>We introduce the <a href="https://github.com/nextcloud/scim_client">SCIM client app</a> for <a href="https://nextcloud.com/">Nextcloud</a> that allows Nextcloud users and groups to be automatically synced to external services that support the <a href="https://tools.ietf.org/wg/scim/">SCIM</a> standard. This enables Nextcloud to act as an authoritative store of user identity information, simplifying user management across multiple connected services.</p> <p>This talk will discuss the ...
|
| 01.02.26 |
<p>OAuth 2.0 and OpenID Connect have been around for years to secure web and mobile applications alike with growing popularity.</p> <p>To keep your applications and their data secure, these standards are evolving to align with security best practices.</p> <p>Join this talk to see how the FAPI 2.0 Security Profile and the upcoming OAuth 2.1 standard promotes and enforces best practices, how to adapt your applications, and how Keycloak as an Open Source IAM can help you. Expect a demo and examples ...
|
| 01.02.26 |
<p><a href="https://www.proconnect.gouv.fr">ProConnect</a> is an open-source Federated Identity Provider written mainly in TypeScript and designed to connect professionals with government services. Developed by the French Interministerial Digital Directorate (<a href="https://www.numerique.gouv.fr/numerique-etat/dinum/">DINUM</a>), it builds on the experience of <a href="https://franceconnect.gouv.fr/">FranceConnect</a> while introducing a lightweight, modern architecture.</p> <p>This talk will ...
|
| 01.02.26 |
<p>Each month it seems we are made aware of a break in security. Some report of a data base of identity information that is reported as captured by an entity of some type. Lists of passwords, ID numbers, bank account information, credit card information. And these are only the ones we hear about, since many of these break-ins are not reported, or kept quiet.</p> <p>Often we hope that the data is encrypted, but as we all know quantum computers are coming quickly and quantum computers can take ...
|
| 01.02.26 |
<p>SUSE’s IAM evolution mirrors its corporate journey, beginning with deep dependency on Novell (later MicroFocus) Access Manager, following its transition to independence.As the organization grew, individual departments adopted several tools to solve immediate authentication needs.</p> <p>This led to a proliferation of unmanageable authentication silos across customer portals, partner networks, and internal employee systems.Recognizing the inefficiencies and risks of this fragmented ...
|
