top of page

Insights

IAM expertise, case studies, and AI governance thinking

Practical insights from Midships engineers and architects — covering Ping Identity, Keycloak, AI governance, DevSecOps, and zero downtime delivery for regulated enterprises.

20+

Published articles

4

Content categories

Categories

Search for Midships Knowledge Base

! No Results found

Scaling Identity to Millions: Session, Token, and Cache Design in Keycloak

Primary Audience: Platform Engineers building identity infrastructure, Security architects designing authentication systems, Teams operating large-scale SaaS or financial systems. CNCF Alignment: Kubernetes, HA, Multi-RegionAbstract At scale, identity systems are defined by how sessions are managed, tokens are designed, and validation is performed. In large Keycloak deployments, these decisions directly impact performance, availability, and security. This article explores practical patterns...

Designing Financial-Grade Identity: High-Availability Patterns for Keycloak on Kubernetes

Primary Audience: Platform Engineers CNCF Alignment: Kubernetes, HA, Multi-Region Abstract In regulated financial environments, identity systems must meet stringent availability and resilience requirements. While Keycloak offers flexibility and extensibility, it does not abstract the complexity of distributed system design. This article presents production-proven patterns for building highly available Keycloak deployments on Kubernetes, focusing on cache topology, multi-region design, and...

Your Permissions Model Was Not Built for AI Agents

The EU AI Act is not the only regulation your enterprise needs to think about. But it is the clearest signal that the governance gap most organisations have quietly tolerated is about to become a measurable compliance liability. This is not a policy problem. It is an architectural one. The Governance Gap Nobody Talks About Most enterprises deploying AI agents rely on the same access control infrastructure they have used for a decade. RBAC. ABAC. API gateways. Firewall rules. These tools...

McKinsey's AI Got Hacked in Two Hours. Here's What That Actually Means.

Earlier this month, a security firm called CodeWall pointed an autonomous AI agent at McKinsey's internal AI platform, Lilli. No credentials. No insider knowledge. Just a domain name. Two hours later, the agent had full read and write access to the entire production database. 46.5 million chat messages. 728,000 confidential files. 57,000 user accounts. And — most critically — 95 system prompts that controlled how Lilli thought, responded, and behaved. All writable. Silently. With a single...

Accelerating Ping Deployment with Midships Accelerator

How One of the UK’s Largest Banks Fast-Tracked Their Ping Identity Deployment with the Midships Accelerator One of the UK’s largest banks—ranked among the top 25 globally with over 30 million customers—set out to deploy the Ping Identity platform on Google Cloud Platform (GCP). The bank required a production-grade deployment capable of meeting stringent enterprise standards across security, scalability, operational control, and multi-region resilience . Key requirements included: Native...

Have You Checked Your Ping EOS Dates - Midships Helps You Prepare, Upgrade, and Protect Your IAM

Understanding Ping Product Support Status Ping Identity has formalised its product lifecycle — and for many organisations, the deadlines are approaching faster than expected. The new Support Status model finally gives clarity, but it also exposes a hidden risk: many enterprises are already running versions that are nearing End of Maintenance or End of Support. The shift to STS (Short-Term Support) and LTS (Long-Term Support) finally brings predictability to upgrade planning — but it also...

Proactive Incident Management: The Midships Guardian Approach

Recently, one of our customers reported what looked like a Severity 4 issue. Most teams would log, schedule, and resolve it in due course. But at Midships, we saw something more significant. Our engineers recognized that, if left unchecked, this issue could escalate to a Severity 1 . Such an escalation can bring systems down or disrupt business-critical services. Instead of waiting for that to happen, we acted immediately. Acting Before the Problem Escalates We spun up our Incident Bridge ...

Understanding Passkeys: The Future of Passwordless Authentication

What are Passkeys? Passkeys are a modern, passwordless authentication mechanism based on FIDO2 and WebAuthn standards. They allow users to securely sign in using cryptographic keys instead of traditional passwords. Unlike passwords, which are static and shareable secrets, passkeys utilize asymmetric encryption —a public-private key pair . The private key is securely stored on the user’s device and never leaves it. What sets passkeys apart from standard WebAuthn credentials is their ability...

WebAuthn (Web Authentication)

What it is: WebAuthn (Web Authentication) is a modern web standard developed by the World Wide Web Consortium (W3C) and FIDO Alliance that enables passwordless , phishing-resistant , and public key cryptography-based user authentication on the web. It is a core component of the FIDO2 framework, alongside CTAP (Client to Authenticator Protocol) . WebAuthn allows browsers and applications to register and authenticate users using a cryptographic key pair stored in a secure authenticator —...

LDAP/AD federation

What is it: LDAP/AD Federation is the process of integrating enterprise directory services — such as Lightweight Directory Access Protocol (LDAP) directories or Microsoft Active Directory (AD) — with external applications or Identity Providers (IdPs) to enable secure and seamless authentication without duplicating user data. LDAP is a protocol standard for querying and modifying directory services over TCP/IP, while AD is a proprietary Microsoft directory service that implements LDAP and...

When (and How) to Choose Keycloak — and Why to Partner with Midships

Keycloak is a robust, open-source Identity and Access Management (IAM) solution. Enterprises value it for standards compliance, cost advantages, and flexibility. However, running Keycloak at scale with high availability, predictable upgrades, and enterprise-grade user journeys requires more than the default distribution. Midships bridges that gap with our Keycloak Accelerator , which delivers: Zero-downtime deployment and operations Autoscaling and high-availability clustering Device...

The Role of Midships in Identity Management

Identity management stands at the core of digital security for banks, insurers, gaming platforms, and fintech leaders. The challenge is...

Enhancing Customer Journeys with the PingOne AIC Accelerator

For teams building customer journeys, speed and consistency matter just as much as functionality. That’s where the PingOne AIC Accelerator comes in. It allows developers to create and test journeys locally in the same way they would in the cloud. This leads to faster iterations, more confidence, and less back-and-forth between environments. A Client Challenge One of our clients recently faced a roadblock: themes weren’t working in their local setup. They could build the journeys, but the user...

Better PingAM Source Code Management with FACT

Customer Overview A leading gaming institution in the SEA region, leveraging the Midships Ping AIS Accelerator, sought to modernize the management of their JavaScript-based PingAM scripts, which are integral to their customer journeys. Their objective was to enhance maintainability, strengthen quality controls, and implement a more efficient code review process. This included storing source code in a readable, developer-friendly format to reduce the risk of defects reaching late-stage...

The Benefits of Regularly Updating Tooling: A Technical Perspective

Abstract In modern platform engineering, tooling forms the backbone of system performance, security, and scalability. Despite this, many...

Using BDD for Building User Journeys in PingOne AIC/AIS

Introduction to Behaviour-Driven Development (BDD) Behaviour-Driven Development (BDD) is a collaborative software development methodology...

Design a Reliable PingDS Backup Strategy

Introduction Backups are essential, but they’re only valuable if they can be restored quickly and reliably. In modern infrastructure,...

Where Midships Is Headed: Focused Expansion, AI Readiness, and Our Continued Commitment to Ping

As Midships continues to scale, we’ve taken time to reflect on where the market is heading—and what our customers will need from us next. Identity and Access Management (IAM) has changed. The core customer journeys and platform architectures have become increasingly commoditised. At the same time, the rise of AI is set to reshape how consulting firms operate—ours included. In response, we’re evolving. Not by pivoting away from what we do best, but by building intentionally toward what’s...

Cross-regional Deployment including Mainland China with the Midships Ping AIS Accelerator

Introduction A valued client who was already running the Midships Ping AIS Accelerator in their Hong Kong environment, requested our...

Identity Providers are Becoming Commodities — It's Time to Shift Focus

Identity Providers (IDPs) are becoming commoditized — and that’s a good thing. The core functions of identity management have largely...

Browse by topic

What we write about

Ping Identity

PingAM, PingIDM, PingDS, PingAuthorize, PingOne AIC — architecture, delivery, and operations

Keycloak and RHBK

Enterprise Keycloak delivery — HA, zero downtime, API-first, and Extended Auth Flow API

AI Governance

Icebreaker, runtime enforcement, agentic AI governance, and regulatory alignment

DevSecOps

GitOps, Kubernetes, zero downtime deployments, CI/CD pipelines, and IAM infrastructure

Stay current on IAM and AI governance

New articles, case studies, and technical guides published monthly — covering Ping Identity, Keycloak, Icebreaker, and zero downtime delivery for regulated enterprises.

Subscribe via email Follow on linkedIn

bottom of page