Session
SPIFFE Meets OAuth: Federated Identity for Cloud-Native Workloads
Cloud-native systems increasingly operate across multiple trust domains, creating significant challenges for securely propagating identity and authorization. Traditional approaches, such as static credentials or mTLS-only solutions, often introduce operational complexity and fail to scale in dynamic Kubernetes environments.
This session addresses these challenges by introducing federated identity patterns that combine SPIFFE and emerging OAuth extensions. Yoshiyuki Tabata will demonstrate how SPIFFE JWT-SVIDs and OAuth Identity Chaining (draft-ietf-oauth-identity-chaining), together with the Assertion Framework (RFC 7521/7523), enable secure multi-hop authorization and scalable identity propagation without relying solely on mTLS.
Attendees will gain practical insights through a demo integrating Keycloak, SPIRE, and OAuth flows, and learn how these patterns improve interoperability and security in multi-cluster Kubernetes environments.
Yoshiyuki Tabata
CNCF TAG Security and Compliance Tech Lead / CNCF Ambassador