In this second episode of our “Digital Identity Pioneers” series, Rahul speaks with Konstantinos Georgioullakis from GRNet about their implementation of Keycloak for the European Open Science Cloud. Discover how this leading Greek digital infrastructure provider is securing access to valuable research resources while maintaining accessibility.
⏱ Reading time: 6 minutes
Digital Identity Pioneers: Securing Research Access with GRNet’s Konstantinos Georgioullakis
Rahul: Have you ever tried to get access to cutting-edge research online? It can feel like you need some secret handshake or decoder ring just to get started.
Konstantinos: I know what you mean. There’s all this important work happening behind the scenes, especially with initiatives like the European Open Science Cloud. They really need secure and easy identity management to make it all work.
Rahul: That’s exactly what we’re exploring today. Could you start by telling us about GRNet and your specific role there?
Konstantinos: GRNet is essentially Greece’s go-to digital infrastructure provider for the academic research and public sectors. We handle critical services like networking, cloud computing, and the basic infrastructure that allows these organizations to function and share data effectively.
My team has a very specific mission: making research resources within the EOSC—the European Open Science Cloud—accessible to diverse groups of users. We’re talking about everyone from researchers and policymakers to innovators and even regular citizens. Our goal is ensuring that everyone can benefit from these resources, with Keycloak being the key to achieving that seamless access.
Rahul: I understand GRNet didn’t always use Keycloak. What led you to make that switch?
Konstantinos: We made a very deliberate decision based on several factors. One of the biggest draws was Keycloak’s incredibly active and vibrant community. Because it’s open source, you have developers and users constantly contributing to making it better, which means faster responses to security vulnerabilities and quicker implementation of new standards.
The fact that it’s open source also fits perfectly with GRNet’s philosophy—we’re committed to using and contributing to open technologies. Beyond that philosophical alignment, Keycloak offered an impressive range of features, especially for OAuth and OIDC specifications.
Rahul: Could you explain briefly what OAuth is about for those who might not be familiar?
Konstantinos: Think of it like this: OAuth is what lets you give one app permission to access your data in another app without sharing your actual password. It’s all about controlling access to your data, and Keycloak provides a robust framework for managing that kind of access.
We’ve also benefited tremendously from Keycloak’s extension system. We’ve developed our own custom extensions to address specific needs within the academic community. In fact, we’re currently working on moving two other GRNet systems to a setup where they’ll use Keycloak exclusively, using one of our in-house extensions to make that happen.
Rahul: Security is obviously paramount when dealing with research data. How does GRNet use Keycloak to ensure only authorized users can access sensitive information?
Konstantinos: We implement several layers of security. First, access to our Keycloak servers, databases, and related services is tightly restricted—only available through GRNet’s internal VPN.
Rahul: A virtual private network that creates a secure tunnel for your network traffic?
Konstantinos: Exactly. And to make it even more secure, access is protected with specific digital keys—you need those keys to even “get in the door,” so to speak.
We also have systems actively monitoring for suspicious activity, like potential denial of service attacks. If we detect anything suspicious, we take immediate action to stop it. We work very closely with GRNet’s dedicated security teams to constantly assess vulnerabilities and stay ahead of emerging threats.
Regular updates to our virtual machines ensure we have all the latest security patches. We also maintain transparency with our users about data retention policies—we typically keep data for about a year and a half before it’s automatically deleted, functionality that’s built right into Keycloak.
Rahul: Looking ahead, what does the future hold for Keycloak within the EOSC? Are there any significant challenges or opportunities on the horizon?
Konstantinos: The landscape is constantly evolving. We need to implement newer OAuth protocols as they mature. I’m particularly interested in OIDC4VC—OpenID Connect for Verifiable Credentials.
Rahul: What’s that about?
Konstantinos: It’s still a developing area, but it focuses on giving people more control over their digital identities and how they present them when accessing resources. Instead of just using a username and password, you might have digitally signed credentials that prove certain things about you—like a digital driver’s license or university degree, but verified and secure.
I’m also following developments with the OpenID Federation specification. It’s currently implemented as an extension in Keycloak, but there’s significant discussion within the community about integrating it directly into the core product.
Rahul: How would you explain OpenID Federation to someone new to the concept?
Konstantinos: Think of it as a way for different organizations that all use OpenID Connect—a standard way to verify user identities—to more easily establish trust relationships. It’s about enabling seamless interoperability between different systems, which is crucial in a federated environment like EOSC where researchers from various institutions need to collaborate smoothly.
Rahul: I understand you presented at Keycloak Dev Day 2025. Could you tell us about your presentation?
Konstantinos: My colleague Andreas Kozadinos and I gave a talk titled “Enhancing Group Management in Keycloak: A Flexible Extension for Dynamic Membership Control.” We addressed the specific challenges we face in managing access for different groups of researchers and stakeholders within the EOSC, where memberships can change frequently.
Rahul: For someone who’s new to Keycloak and might feel overwhelmed by its complexity, what advice would you give them?
Konstantinos: While Keycloak is incredibly powerful and versatile, it is a large project that can seem daunting at first. My top recommendation is to really dive into the official documentation—make that your first stop. It’s the foundation for understanding how everything fits together.
Take a gradual approach, starting with core features and how they apply to your specific services or applications. For anyone thinking about contributing code to the project, study the documentation carefully. The code-level documentation could use some improvement—it’s being worked on, but it’s a big project.
I also strongly recommend attending events like Keycloak Dev Day. It’s an excellent way to connect with others and learn from their experiences. Remember that mastering Keycloak is a journey, not a destination.
Rahul: That’s excellent advice. As we wrap up, what do you see as the most significant impact of your work with Keycloak on the research community?
Konstantinos: Our implementation is helping break down barriers to scientific collaboration by providing secure, seamless access to research resources. The open-source nature means other organizations can benefit from and contribute to our work, creating a positive cycle of improvement that serves the entire community.
Ultimately, we’re helping fulfill the vision of the European Open Science Cloud—making valuable research more accessible while maintaining rigorous security standards. Identity management isn’t just a technical challenge; it’s about enabling the kind of collaboration that drives scientific progress forward.
Rahul: Thank you for sharing these insights, Konstantinos. Your work demonstrates the crucial role that identity management plays in modern research infrastructure.
Konstantinos: Thank you for the opportunity to discuss these important developments. I encourage everyone to explore how open-source solutions like Keycloak can address their identity management challenges.
This interview has been edited for clarity and length. Stay tuned for the next episode in our “Digital Identity Pioneers” series, where we’ll continue exploring the technologies and standards transforming digital identity management.
