Interview with Keycloak Contributor, Takashi Norimatsu of HITACHI OSS Group


Jason Perlow, Editorial Director of Linux Foundation Research, spoke with HITACHI's Takashi Norimatsu about the Keycloak project, an open source identity and access management platform.

JP: Greetings, Norimatsu-san. Can you tell me a bit about yourself, where in Japan you live, and what your prior experience with information systems is? Can you tell me how you became an OSS maintainer at HITACHI? Is it part of your regular duties at the company, or is it something you do as a best effort?

Hello, Norimatsu-san. I would like to ask a little about yourself. Where do you currently live? Before your current job, what kind of work did you do in the IT field? How did you become an open source software (OSS) maintainer while being an employee of Hitachi, Ltd.? And is your activity as a maintainer something you do as part of your work for the company?

TN: Thank you for the interview. I live in Yokohama, the 2nd largest city in Japan by population, about 35km southwest of Tokyo, Japan's capital.

I had been engaged in developing several types of equipment and systems, like some communication equipment firmware and their operation software, smart maintenance systems software, and so on.

My unit in Hitachi has been encouraging me to contribute features, especially about security, to Keycloak. By following this policy, I've been contributing features to the Keycloak project for several years. It seems that existing Keycloak maintainers recognized my contributions and I was then promoted to Keycloak maintainer.

As a result of contributing to these open source activities, my unit in Hitachi decided that I'd be working as a Keycloak maintainer as my regular duty.


JP: So, what's Keycloak? What kind of OSS is it?

What kind of OSS is Keycloak?

TN: Keycloak is identity and access management open source software. It can be used for single sign-on, social login, and securing API access. Keycloak complies with several open standards like OAuth 2.0, OpenID Connect, SAMLv2, LDAP, Kerberos, and so on.

Keycloak is an OSS for identity and access management. It provides single sign-on, social login, and secure access to APIs. Keycloak complies with various standard specifications, for example OAuth 2.0, OpenID Connect, SAMLv2, LDAP, Kerberos, and so on.

JP: Why did HITACHI decide to contribute to Keycloak?


TN: Our team in HITACHI provides services for OSS in the security area. When we looked for a suitable OSS for single sign-on and securing API access, we picked Keycloak because it is very easy to use with no complicated setup and it's highly customizable, so that it can be applied to a wide range of use cases.


JP: Why is OAuth 2.0 not sufficient for accessing APIs that require a high security level?

Why is OAuth 2.0 insufficient for API access that requires a high level of security?

TN: OAuth 2.0 is a framework for conveying authorization information among several entities, so that it can be used flexibly in a wide range of use cases. Due to its flexibility, it could introduce security holes if it is used in the wrong way. To prevent this, detailed ways of how to use OAuth 2.0 securely have been developed, like the Financial-grade API (FAPI) security profile. For Open Banking use cases in the world, there are several in-service ecosystems whose security profiles are based on the FAPI 1.0 Advanced security profile. For example, the Open Banking Security Profile in the UK, the Consumer Data Right (CDR) security profile in Australia, and the Open Banking Brasil Financial-grade API Security Profile 1.0 in Brazil.

OAuth 2.0 is a framework for conveying authorization information among multiple entities. Because it is a framework, it has a high degree of freedom and can be applied to various use cases. Because of that high degree of freedom, using it in the wrong way can create security holes. To prevent this, a specification that defines in detail how OAuth 2.0 should be used securely is called a security profile. One example is the Financial-grade API (FAPI) Security Profile. In Open Banking use cases, there are several security profiles based on FAPI. Examples include the Open Banking Security Profile in the UK, the Consumer Data Right (CDR) security profile in Australia, and the Open Banking Brasil Financial-grade API Security Profile 1.0 in Brazil.

JP: How does FAPI accomplish accessing APIs that require a high security level?


TN: It's difficult to explain it briefly because FAPI covers a wide range of technologies. However, to try to summarize it, FAPI determines how to use OAuth 2.0 precisely to make sure that only the right client application can access the right API provided by the resource server.

Because FAPI relates to various technical fields, it is difficult to explain in a word. But if I had to put it briefly, FAPI defines in detail how OAuth 2.0 is to be used, so that the correct client application can correctly access the API.

JP: To become a maintainer of Keycloak, what kind of contribution activities did you do?


TN: I've been contributing some security features to Keycloak. Among these contributions, my main contribution is supporting FAPI in Keycloak. However, it takes a lot of time and effort to do it by myself. Therefore, some contributors got together and established FAPI-SIG to work together on supporting FAPI in Keycloak. As a result, Keycloak 14 has supported the FAPI 1.0 Baseline security profile, FAPI 1.0 Advanced security profile and FAPI-CIBA security profile.

I have continued contributing security-related features to Keycloak. The major one among them is FAPI support. Doing this alone would take a great deal of time and effort, so contributors gathered and launched FAPI-SIG to work on supporting FAPI. As a result, starting with Keycloak 14, the FAPI 1.0 Baseline security profile, FAPI 1.0 Advanced security profile, and FAPI-CIBA security profile are supported.

JP: What kind of support did you receive from your company for your contribution activities?


TN: My company, HITACHI, sees the real value of Keycloak, so it allows me to use a significant portion of my time for contribution activities to Keycloak.


JP: That's wonderful. Thank you, Norimatsu-san, I greatly appreciate your time.
