https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Fri, 12 Jun 2026 00:00:00 GMT https://www.youngju.dev/blog/devops/2026-06-12-zero-trust-identity-aware-proxy.en https://www.youngju.dev/blog/devops/2026-06-12-zero-trust-identity-aware-proxy.en The perimeter is dead and identity-first security is the new default. This post walks through the core of the Google BeyondCorp papers and builds an Identity-Aware Proxy from scratch with oauth2-proxy and Keycloak. We cover the nginx auth_request pattern, device trust, VPN replacement scenarios, a comparison of Cloudflare Access and Pomerium, and access control for AI agents from a 2026 perspective. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) zero-trustiapbeyondcorpoauth2-proxykeycloaksecuritydevops https://www.youngju.dev/blog/devops/2026-06-12-zero-trust-identity-aware-proxy.ja https://www.youngju.dev/blog/devops/2026-06-12-zero-trust-identity-aware-proxy.ja 境界型セキュリティの終焉とidentity-firstセキュリティの時代に、Google BeyondCorp論文の核心を押さえ、oauth2-proxyとKeycloakでIdentity-Aware Proxyをゼロから構築する全過程を解説します。nginx auth_requestパターン、デバイス信頼、VPN代替シナリオ、Cloudflare AccessとPomeriumの比較、そしてAIエージェントのアクセス制御まで2026年の視点で整理します。 Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) zero-trustiapbeyondcorpoauth2-proxykeycloaksecuritydevops https://www.youngju.dev/blog/devops/2026-06-12-zero-trust-identity-aware-proxy https://www.youngju.dev/blog/devops/2026-06-12-zero-trust-identity-aware-proxy 경계 보안의 종말과 identity-first 보안 시대, Google BeyondCorp 논문의 핵심을 짚고 oauth2-proxy와 Keycloak으로 Identity-Aware Proxy를 직접 구축하는 전 과정을 다룹니다. nginx auth_request 패턴, 디바이스 신뢰, VPN 대체 시나리오, Cloudflare Access와 Pomerium 비교, 그리고 AI agent 접근 제어까지 2026년 관점에서 정리합니다. Fri, 12 Jun 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) zero-trustiapbeyondcorpoauth2-proxykeycloaksecuritydevops