Keymate Logo

Identity & security - Keymate Blog

Category: Identity & security

Inside Keycloak Authorization: Resources & Policy Engine

Inside Keycloak Authorization: Resources & Policy Engine

A deep dive into Keycloak Authorization Services: how Resource Servers, Resources, Scopes, Policies, and Permissions fit together, and exactly how Keycloak decides permit or deny.
Eren Kan

June 2026

Fine-Grained Authorization for AI Agents: How It Works in Production

Fine-Grained Authorization for AI Agents: How It Works in Production

How Keymate enforces fine-grained authorization for AI agents: declarative policies, a centralized engine, and consistent design-time/runtime enforcement.
Hüseyin Akdoğan

June 2026

Why AI Agents Need Fine-Grained Authorization

Why AI Agents Need Fine-Grained Authorization

Authentication tells us who the agent is. The harder question is what data it can reach, under what conditions, and on whose behalf. The April 2026 PocketOS incident, in which an autonomous coding agent deleted a production database in nine seconds, showed what happens when no one is answering it.
Hüseyin Akdoğan

May 2026

AI Agent Authorization: From Java Day Demo to Open Source Toolkit

AI Agent Authorization: From Java Day Demo to Open Source Toolkit

At Java Day Istanbul 2026, we asked one question: once an AI agent has a valid token, who decides what data it can reach? This post recaps what we showed on stage, what we open-sourced afterwards, and how the deeper blog series picks up the thread.
Hüseyin Akdoğan

May 2026

Beyond the Default Image: Hardening Keycloak for Enterprise Production

Beyond the Default Image: Hardening Keycloak for Enterprise Production

The default Keycloak image is a strong baseline, not a hardened production runtime. Here is how we rebuilt it on Wolfi OS, with three-tier CVE management, non-root execution, and a Quarkus-optimized runtime.
Ali Tuğrul Pınar

April 2026

What is Keycloak? A Developer's Introduction to Identity and Access Management

What is Keycloak? A Developer's Introduction to Identity and Access Management

Learn what Keycloak is, how Identity and Access Management works, and why Keycloak is the leading open-source IAM solution for modern applications.
Muhammed Oğuz

April 2026