Digital transformation has led organizations to rethink how they manage identity in increasingly complex environments. The adoption of cloud-native architectures, coupled with the massive irruption of artificial intelligence, has created a new paradigm where security and access governance become critical pillars. In this context, events such as KeycloakCon Japan 2026 offer a space to discuss practical solutions, but beyond the agenda, what is relevant is to understand how the principles of decentralized identity and granular authorization can be applied in real projects.
Identity management has evolved from simple LDAP directories to systems based on open standards such as OAuth 2.0 and OpenID Connect. However, the advent of autonomous AI agents has introduced an additional challenge: the so-called 'Confused Deputy'. When an agent acts on behalf of a user and calls external APIs, traditional authorization boundaries are broken. This is where solutions like Keycloak demonstrate their maturity by enabling token delegation, token swapping, and fine-scope control. Companies building modern platforms need to integrate these capabilities without relying on unnecessary third-party vendors, and to do so they can turn to specialists who develop custom applications that fit their specific needs.
One of the most promising patterns is the use of Identity Assertion JWT Authorization Grants (ID-JAG), which allows the authorization of fragmented MCP servers to be outsourced. This approach, combined with tools like Athenz, helps unify identity management across large-scale infrastructures. In environments with millions of users, such as messaging or financial services platforms, the ability to prevent Confused Computing vulnerabilities through robust identity chains is critical. Security in these systems is not optional: it requires a zero-trust approach where every request is verified, even between microservices that communicate in service meshes.
Precisely, the integration of identity in construction pipelines and service meshes is another critical front. Linking human identity to code signatures using tools such as Sigstore and Keycloak ensures that every deployed artifact has full traceability. For organizations looking to adopt these types of practices, having AWS and Azure cloud services that support these standards accelerates deployment and reduces risk. In addition, platform-level authorization using WebAssembly extensions on service mesh proxies allows requests to be evaluated without modifying the application code, a prerequisite for environments with high service turnover.
Operationally, identity lifecycle management is a challenge that many companies underestimate. Realm signing certificates with predefined expiration can become a ticking time bomb if their rotation is not planned. Strategies such as selecting signing keys per customer allow for seamless incremental migrations. This type of tailor-made solutions, where product knowledge and infrastructure experience are combined, are the type of projects that we develop from Q2BSTUDIO as part of our cybersecurity and AI offer for companies.
Artificial intelligence is not only a consumer of identity, but also becomes a generator of data that must be protected. AI agents acting on behalf of users require dynamic authorization policies that are updated in real-time. To do this, integrating Keycloak with external policy engines and data sources is vital. In addition, access analytics and compliance reporting can be enhanced with business intelligence tools. At Q2BSTUDIO we offer business intelligence and Power BI services that allow you to visualize usage patterns and detect anomalies in access, contributing to a proactive security posture.
The future of cloud identity lies in standardization and automation. Projects such as Keycloak continue to incorporate support for machine identities using SPIFFE/SPIRE, strong authentication with Passkeys, and user synchronization via SCIM. These capabilities make it easy to adopt zero trust models even in hybrid environments. Companies that wish to anticipate these changes can benefit from specialized technical support, either in the implementation of open source solutions or in the development of process automation that integrates identity management with the rest of the platform.
Ultimately, identity management in the age of AI and cloud-native is not a luxury, but a strategic necessity. The ability to adapt authorization mechanisms to changing contexts, without sacrificing performance or user experience, will make the difference between a secure infrastructure and a vulnerable one. At Q2BSTUDIO we understand these challenges and offer custom applications and AWS and Azure cloud service solutions that integrate these capabilities. The key is to build on open standards, encourage community collaboration, and have technology allies who bring real-world expertise.


.jpg)
.jpg)
.jpg)
.jpg)