Loading…
16-17 June
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for KubeCon + CloudNativeCon Japan 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Japan Standard Time (UTC+9:00)To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change and session seating is available on a first-come, first-served basis. 
Type: Security clear filter
arrow_back View All Dates
Tuesday, June 17
 

14:50 JST

Mastering Authorization: Integrating Authentication and Authorization Data in Cloud Native Apps - Yoshiyuki Tabata, Hitachi, Ltd.
Tuesday June 17, 2025 14:50 - 15:20 JST
Level 1 | Pegasus B2-C
Authorization is one of the most important considerations for cloud-native applications, as highlighted by the OWASP Top 10. For a long time, there was no clear standard, making authorization a significant challenge for many implementers. The OpenID Foundation AuthZEN WG is now working on standards, focusing on interfaces between PEP (Policy Enforcement Point) and PDP (Policy Decision Point), which provides some hope.
However, managing authorization data remains challenging. Since this data is closely related to authentication data, architects often struggle with how the OP (OpenID Provider) and PDP should manage and integrate it. There are multiple methods, and the best approach varies by use case.
In this session, Yoshiyuki Tabata will explain various methods for managing and integrating authentication and authorization data. He will also describe implementation using Keycloak for OP and Topaz for PDP, providing valuable insights into effective data management.
Speakers
avatar for Yoshiyuki Tabata

Yoshiyuki Tabata

Senior OSS Consultant, Hitachi
He's a Senior OSS Consultant at Hitachi, Ltd. As an expert in IAM and APIs, he has provided numerous consultations over the past decade, including designing API and Authn/Authz platforms. He has actively contributed to CNCF TAG Security and has added significant functionalities to... Read More →
Tuesday June 17, 2025 14:50 - 15:20 JST
Level 1 | Pegasus B2-C
  Security

15:50 JST

Practical Cloud Native Compliance Automation With OSCAL Compass - Chris Butler, Red Hat & Takumi Yanagawa, IBM Research
Tuesday June 17, 2025 15:50 - 16:20 JST
Level 1 | Pegasus B2-C
Cloud presents many advantages to users in terms of flexibility, scalability and innovation. Unfortunately compliance has become more complex as standards and regulations are used by end consumers as a proxy for security of underlying platforms whose operations are opaque. Consequently platform providers have ever increasing compliance obligations.

Compliance-as-code encompasses many activities such as automation of system configuration and general DevSecOps approaches. One perpetual challenge is how to provide machine readable workflows which span from standard to audit to allow automation in a way that scales.

OSCAL-Compass, a CNCF sandbox project, provides tooling to manage both the compliance artefacts as code and link those artefacts to executable policies. This talk will provide practical introduction to using OSCAL compass to document and enforce compliance controls using two of its tools: Compliance Trestle and C2P (compliance2policy) in the context of Kubernetes clusters.
Speakers
avatar for Takumi Yanagawa

Takumi Yanagawa

Advisory Software Developer, IBM Research
Takumi is an advisory software developer working in IBM Research - Tokyo on AI for Code and Security. He has a strong background in DevOps engineer and AI Governance product development using cloud-native technologies. With several years of experience, he has worked on building and... Read More →
avatar for Chris Butler

Chris Butler

Senior Principal Chief Architect, Red Hat
Dr. Chris Butler is a Chief Architect in the APAC Field CTO Office at Red Hat. Chris’ focus is working with regulated clients who are building infrastructure, application and AI platforms. Chris facilitates co-innovation engagements with our clients and partners with our product... Read More →
Tuesday June 17, 2025 15:50 - 16:20 JST
Level 1 | Pegasus B2-C
  Security

16:30 JST

Your SBOM Is Lying To You – Let’s Make It Honest - Justin Cappos & Yuchen Zhang, New York University
Tuesday June 17, 2025 16:30 - 17:00 JST
Level 1 | Pegasus B2-C
SBOMs (Software Bills of Material) are essential for improving visibility and security in the software supply chain. As open-source code drives modern development, organizations face growing security risks due to limited transparency in software dependencies. Attacks like SolarWinds (2020) and Kaseya (2021) highlight the urgent need for stronger software supply chain security.
However, SBOMs are often inaccurate. This talk explores why these inaccuracies occur, how attackers exploit them, and how to address these issues. A key challenge is dependency management file analysis (e.g., cargo.toml for Rust), which struggles to track components effectively.
Enter SBOMit, an OpenSSF sandbox project leveraging in-toto attestations to create cryptographically verifiable SBOMs. By capturing supply chain steps as they occur, SBOMit enhances accuracy, mitigates tampering risks, and strengthens security. This talk examines SBOMit’s role in improving SBOM reliability across the CNCF ecosystem.
Speakers
avatar for Justin Cappos

Justin Cappos

Professor, New York University
I am a professor at NYU who has been working on software supply chain security for more than 20 years. I am a maintainer / creator of the TUF, Uptane, and in-toto projects, which are all under the LF. 
avatar for Yuchen Zhang

Yuchen Zhang

Postdoctoral Associate, New York University
Yuchen is currently a postdoctoral researcher with the Secure Systems Laboratory (SSL) at the Tandon School of Engineering, New York University. He obtained his Ph.D. from the Department of Computer Science at Stevens Institute of Technology. Prior to Stevens, he completed his undergraduate... Read More →
Tuesday June 17, 2025 16:30 - 17:00 JST
Level 1 | Pegasus B2-C
  Security
  • Content Experience Level Any
  • Presentation Language English
 
  • Filter By Date
    Jun 13 - 18, 2025
  • Filter By Venue
    Tokyo, Japan
    All
    Level 1 | Apollon B
    Level 1 | Appollon
    Level 1 | Cloakroom
    Level 1 | Foyer
    Level 1 | Jupiter
    Level 1 | Orion
    Level 1 | Pegasus A-B1
    Level 1 | Pegasus B2-C
    Level 1 | Ume
    NTT DOCOMO Open Lab in Odaiba
  • Filter By Type
    AI + ML
    Application Development
    Breaks
    ⚡ Lightning Talks
    All
    Application Development
    Cloud Native Experience
    Connectivity
    Data Processing + Storage
    Observability
    Security
    Cloud Native Experience
    Cloud Native Novice
    CNCF Hosted Co-Located Event
    Connectivity
    Data Processing + Storage
    Emerging + Advanced
    Experiences
    Inclusion + Accessibility
    Keynote Sessions
    All
    Cloud Native Experience
    Platform Engineering
    Maintainer Track
    Observability
    Operations + Performance
    Platform Engineering
    Project Opportunities
    All
    Project Lightning Talks
    Registration
    All
    Cloakroom
    Security
    Solutions Showcase
    Sponsor-hosted Co-located Event
    Sponsored Demos
    All
    Gold Sponsor In-Booth Demos
    Sponsored Demo Sessions
  • Content Experience Level
    Advanced
    Any
    Beginner
    Intermediate
  • Presentation Language
    English
    Japanese
  • Timezone
Need help? View Support Guides
Event questions? Contact Event Planner
Powered by Sched Event Planning Software
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Filtered by Date - 
Clear filter
Friday, June 13
Sunday, June 15
Monday, June 16
Tuesday, June 17
Wednesday, June 18
Level 1 | Apollon B
Level 1 | Appollon
Level 1 | Cloakroom
Level 1 | Foyer
Level 1 | Jupiter
Level 1 | Orion
Level 1 | Pegasus A-B1
Level 1 | Pegasus B2-C
Level 1 | Ume
NTT DOCOMO Open Lab in Odaiba
  • AI + ML
  • Application Development
  • Breaks
  • ⚡ Lightning Talks
  • Cloud Native Experience
  • Cloud Native Novice
  • CNCF Hosted Co-Located Event
  • Connectivity
  • Data Processing + Storage
  • Emerging + Advanced
  • Experiences
  • Inclusion + Accessibility
  • Keynote Sessions
  • Maintainer Track
  • Observability
  • Operations + Performance
  • Platform Engineering
  • Project Opportunities
  • Registration
  • Security
  • Solutions Showcase
  • Sponsor-hosted Co-located Event
  • Sponsored Demos
  • Content Experience Level
  • Advanced
  • Any
  • Beginner
  • Intermediate
  • Presentation Language
  • English
  • Japanese