[keycloak-dev] blog topics

Bill Burke bburke at redhat.com
Sat Dec 6 10:56:26 EST 2014


There's a bunch of different blogs/articles we could write over the next 
few months to discuss/promote Keycloak and web security.  Here are some ideas:

Keycloak approach to federation:
* discuss our import and sync approach
* discuss IDP federation (when Pedro gets it in).

Validating CORS requests with Keycloak:
* Discuss what CORS is and why it exists
* Discuss how Keycloak helps to manage CORS requests

Preventing CSRF:
* Discuss what CSRF is and how HTTP Session/cookie based security is 
vulnerable
* Discuss how to mitigate with bearer tokens, CORS, and other techniques 
we use for old-school web apps.

Preventing Clickjacking:
* What is clickjacking.
* discuss HTTP headers that apps can pass back to prevent this.

How to brand/embed Keycloak to make it look like your product.

There are other ones we can write down the line when we get more features 
in:  for mobile, Keycloak and the enterprise, etc...

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

