-
|
Dear community, looking for your advice, I am getting lost a bit with guide. It is presented there as Zero Trust example using Oathkeeper, maybe I got wrong, but what I can see there on the diagram with routes config (Zero Trust with IAP Proxy Ory), is that "SecureApp" can have access to Kratos Admin API (marked red) without any authentication check. And it looks as it is a "Typical service-based application in a private infrastructure", but not "A zero-trust system with trust checks at every service boundary". Possible I am thinking in wrong direction, but to have Zero Trust, access from SecureApp to Kratos API should be additionally Thank you. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Has been discussed here: |
Beta Was this translation helpful? Give feedback.
Has been discussed here:
#939