There's a bunch of different blogs/articles we could write over the next
few months to discuss/promote Keycloak and web security. Here are some ideas:

Keycloak approach to federation:
* discuss our import and sync approach
* discuss IDP federation (when Pedro gets it in).

Validating CORS requests with Keycloak:
* Discuss what CORS is and why it exists
* Discuss how Keycloak helps to manage CORS requests

Preventing CSRF:
* Discuss what CSRF is and how HTTP session/cookie based security is vulnerable
* Discuss how to mitigate with bearer tokens, CORS, and other techniques we use for old-school web apps.

Preventing Clickjacking:
* What is clickjacking?
* discuss HTTP headers that apps can pass back to prevent this.

How to brand/embed Keycloak to make it look like your product.

There are other ones we can write down the line when we get more features
in: for mobile, Keycloak and the enterprise, etc...
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
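The CORS, CSRF and clickjacking items above describe three defenses that a browser-facing API typically applies together. The following is an added example (not code from Bill Burke's mail or from the Keycloak project) that puts them in one framework-free request filter: CORS response headers are emitted only for an allow-listed Origin, state-changing requests authenticated by a cookie must carry a trusted Origin (bearer-token requests are exempt because a third-party page cannot attach a token it never received), and every response carries both the older `X-Frame-Options` header and the CSP `frame-ancestors` directive. The request dictionary layout, the `ALLOWED_ORIGINS` set and the `check_request` name are assumptions for this illustration.

```python
# Added example, not from the original mail or from Keycloak.
# A minimal request filter demonstrating three browser-facing defenses:
#   1. CORS: reflect only allow-listed origins, never '*' with credentials.
#   2. CSRF: cookie-authenticated unsafe requests need a trusted Origin;
#      bearer-token requests are not CSRF-able, so they are exempt.
#   3. Clickjacking: deny framing via X-Frame-Options and CSP frame-ancestors.
# Request format (assumed): {"method": str, "headers": {name: value}}.

ALLOWED_ORIGINS = {"https://app.example.com"}      # constructed allow-list
UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}  # state-changing verbs


def clickjacking_headers():
    """Headers that stop the response from being rendered inside a frame.
    X-Frame-Options is the legacy header; frame-ancestors is the CSP form."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


def cors_headers(origin):
    """CORS headers for an allow-listed Origin only; empty dict otherwise.
    'Vary: Origin' keeps caches from serving one origin's answer to another."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


def check_request(request):
    """Return (allowed, reason, response_headers) for one request."""
    method = request["method"].upper()
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    origin = headers.get("origin")
    cookie_auth = "cookie" in headers
    bearer_auth = headers.get("authorization", "").startswith("Bearer ")

    resp = clickjacking_headers()
    resp.update(cors_headers(origin))

    if method == "OPTIONS":
        # CORS preflight: only answer for origins we trust.
        if origin in ALLOWED_ORIGINS:
            resp["Access-Control-Allow-Methods"] = "GET, POST, PUT, PATCH, DELETE"
            resp["Access-Control-Allow-Headers"] = "Authorization, Content-Type"
            return True, "preflight accepted", resp
        return False, "preflight from untrusted origin", resp

    if method in UNSAFE_METHODS and cookie_auth and not bearer_auth:
        # The browser attaches cookies automatically, so a forged cross-site
        # form post would arrive authenticated. Require a trusted Origin.
        if origin not in ALLOWED_ORIGINS:
            return False, "possible CSRF: cookie session without trusted Origin", resp

    return True, "accepted", resp


if __name__ == "__main__":
    # Constructed sample requests, one per scenario.
    samples = [
        {"method": "POST", "headers": {"Cookie": "JSESSIONID=abc",
                                       "Origin": "https://evil.example"}},
        {"method": "POST", "headers": {"Cookie": "JSESSIONID=abc",
                                       "Origin": "https://app.example.com"}},
        {"method": "POST", "headers": {"Authorization": "Bearer token",
                                       "Origin": "https://evil.example"}},
        {"method": "OPTIONS", "headers": {"Origin": "https://evil.example"}},
    ]
    for s in samples:
        allowed, reason, _ = check_request(s)
        print(s["method"], "->", "allow" if allowed else "deny", "(" + reason + ")")
```

The filter is deliberately strict about a missing Origin on cookie-authenticated writes; older browsers that omit Origin on same-origin form posts would need a Referer fallback or a synchronizer token, which is the "other techniques we use for old-school web apps" item above.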