{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T01:45:18Z","timestamp":1760060718625,"version":"build-2065373602"},"reference-count":43,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2025,9,15]],"date-time":"2025-09-15T00:00:00Z","timestamp":1757894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"European Recovery and Resilience Facility (RRF)","award":["02\/C05-i01.01\/2022.PC646908627-00000069"],"award-info":[{"award-number":["02\/C05-i01.01\/2022.PC646908627-00000069"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>The rapid adoption of green mobility solutions\u2014such as electric-vehicle sharing and intelligent transportation systems\u2014has accelerated the integration of Internet of Things (IoT) technologies, introducing complex security and performance challenges. While conceptual Identity and Access Management (IAM) frameworks exist, few are empirically validated for the scale, heterogeneity, and real-time demands of modern mobility ecosystems. This work presents a data-backed, container-native reference architecture for secure and resilient Authentication, Authorization, and Accounting (AAA) in green mobility environments. The framework integrates Keycloak within a Kubernetes-orchestrated infrastructure and applies Zero Trust and defense-in-depth principles. Effectiveness is demonstrated through rigorous benchmarking across latency, throughput, memory footprint, and automated fault recovery. Compared to a monolithic baseline, the proposed architecture achieves over 300% higher throughput, 90% faster startup times, and 75% lower idle memory usage while enabling full service restoration in under one minute. This work establishes a validated deployment blueprint for IAM in IoT-driven transportation systems, offering a practical foundation for a secure and scalable mobility infrastructure.<\/jats:p>","DOI":"10.3390\/info16090802","type":"journal-article","created":{"date-parts":[[2025,9,16]],"date-time":"2025-09-16T07:33:02Z","timestamp":1758007982000},"page":"802","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Container-Native IAM Framework for Secure Green Mobility: A Case Study with Keycloak and Kubernetes"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0009-0007-7335-5135","authenticated-orcid":false,"given":"Alexandre","family":"Sousa","sequence":"first","affiliation":[{"name":"Engineering Departement, Quinta de Prados, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8434-4887","authenticated-orcid":false,"given":"Frederico","family":"Branco","sequence":"additional","affiliation":[{"name":"Engineering Departement\/INESC-TEC, Quinta de Prados, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9818-7090","authenticated-orcid":false,"given":"Ars\u00e9nio","family":"Reis","sequence":"additional","affiliation":[{"name":"Engineering Departement\/INESC-TEC, Quinta de Prados, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8872-5721","authenticated-orcid":false,"given":"Manuel J. C. S.","family":"Reis","sequence":"additional","affiliation":[{"name":"Engineering Departement\/IEETA, Quinta de Prados, University of Tr\u00e1s-os-Montes e Alto Douro, 5000-801 Vila Real, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2025,9,15]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"100785","DOI":"10.1016\/j.iot.2023.100785","article-title":"A federated authentication and authorization approach for IoT farming","volume":"22","author":"Sousa","year":"2023","journal-title":"Internet Things"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Mehmood, R., Hern\u00e1ndez, G., Pra\u00e7a, I., Wikarek, J., Loukanova, R., Monteiro dos Reis, A., Skarmeta, A., and Lombardi, E. (2025). Proposal of a Collaborative System to Foster the Concept of Mobility as a Service in the Green Mobility Context. Proceedings of the Distributed Computing and Artificial Intelligence, Special Sessions I, 21st International Conference, Springer.","DOI":"10.1007\/978-3-031-76459-2"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Cui, Y., Liu, F., Jing, X., and Mu, J. (2021). Integrating Sensing and Communications for Ubiquitous IoT: Applications, Trends and Challenges. arXiv.","DOI":"10.1109\/MNET.010.2100152"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"175","DOI":"10.2495\/UT190161","article-title":"Business Platforms for Autonomous Vehicles Within Urban Mobility","volume":"186","author":"Antonialli","year":"2019","journal-title":"WIT Trans. Built Environ."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Wang, S., Lehmann, C., Radeke, R., and Fitzek, F.H.P. (2024). Enabling Sustainable Urban Mobility: The Role of 5G Communication in the Mobilities for EU Project. arXiv.","DOI":"10.1109\/ISC260477.2024.11004258"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Shamsuddoha, M., Kashem, M.A., and Nasir, T. (2025). A Review of Transportation 5.0: Advancing Sustainable Mobility Through Intelligent Technology and Renewable Energy. Future Transp., 5.","DOI":"10.3390\/futuretransp5010008"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"498","DOI":"10.3390\/futuretransp3020029","article-title":"Mobility as a Service (MaaS) Planning and Implementation: Challenges and Lessons Learned","volume":"3","author":"Mitropoulos","year":"2023","journal-title":"Future Transp."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Santos, G., and Nikolaev, N. (2021). Mobility as a Service and Public Transport: A Rapid Literature Review and the Case of Moovit. Sustainability, 13.","DOI":"10.3390\/su13073666"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Derawi, M., Dalveren, Y., and Cheikh, F.A. (2020, January 2\u201316). Internet-of-Things-Based Smart Transportation Systems for Safer Roads. Proceedings of the 2020 IEEE 6th World Forum on Internet of Things (WF-IoT), New Orleans, LA, USA.","DOI":"10.1109\/WF-IoT48130.2020.9221208"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Ekpo, O., Casola, V., and De Benedictis, A. (2024, January 23\u201326). Security and Privacy Issues in Mobility-as-a-Service (MaaS): A Systematic Review. Proceedings of the 2024 19th Annual System of Systems Engineering Conference (SoSE), Tacoma, WA, USA.","DOI":"10.1109\/SOSE62659.2024.10620969"},{"key":"ref_11","unstructured":"Garroussi, Z., Legrain, A., Gambs, S., Gautrais, V., and Sans\u00f2, B. (2023). Data privacy for Mobility as a Service. arXiv."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Chatterjee, A., and Prinz, A. (2022). Applying Spring Security Framework with KeyCloak-Based OAuth2 to Protect Microservice Architecture APIs: A Case Study. Sensors, 22.","DOI":"10.3390\/s22051703"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"110924","DOI":"10.1016\/j.jss.2021.110924","article-title":"A Kubernetes controller for managing the availability of elastic microservice based stateful applications","volume":"175","author":"Vayghan","year":"2021","journal-title":"J. Syst. Softw."},{"key":"ref_14","unstructured":"Yasrab, R. (2023). Mitigating Docker Security Issues. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Badii, C., Bellini, P., Difino, A., and Nesi, P. (2019). Sii-Mobility: An IoT\/IoE Architecture to Enhance Smart City Mobility and Transportation Services. Sensors, 19.","DOI":"10.3390\/s19010001"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"102468","DOI":"10.1016\/j.ipm.2020.102468","article-title":"Blockchain-based authentication and authorization for smart city applications","volume":"58","author":"Esposito","year":"2021","journal-title":"Inf. Process. Manag."},{"key":"ref_17","unstructured":"The Skycloak Team (2025, June 27). How IoT Devices are Revolutionizing Identity Management. Available online: https:\/\/skycloak.io\/blog\/how-iot-devices-are-revolutionizing-identity-management\/."},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"1528","DOI":"10.32628\/CSEIT25112523","article-title":"Identity and Access Management in the Cloud","volume":"11","author":"Jain","year":"2025","journal-title":"Int. J. Sci. Res. Comput. Sci. Eng. Inf. Technol."},{"key":"ref_19","unstructured":"Rajba, P., Orzechowski, N., Rzepka, K., Szary, P., Nastaj, D., and Cabaj, K. (August, January 30). Identity and Access Management Architecture in the SILVANUS Project. Proceedings of the 19th International Conference on Availability, Reliability and Security, New York, NY, USA."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Thakur, M.A., and Gaikwad, R. (2015, January 8\u201310). User identity and Access Management trends in IT infrastructure- an overview. Proceedings of the 2015 International Conference on Pervasive Computing (ICPC), Pune, India.","DOI":"10.1109\/PERVASIVE.2015.7086972"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"170","DOI":"10.1016\/j.procs.2016.03.117","article-title":"Identity and Access Management as Security-as-a-Service from Clouds","volume":"79","author":"Sharma","year":"2016","journal-title":"Procedia Comput. Sci."},{"key":"ref_22","first-page":"574","article-title":"Identity and access management in cloud environment: Mechanisms and challenges","volume":"21","author":"Indu","year":"2018","journal-title":"Eng. Sci. Technol. Int. J."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"30","DOI":"10.24018\/ejeng.2023.8.4.3074","article-title":"IAM Identity Access Management\u2014Importance in Maintaining Security Systems within Organizations","volume":"8","author":"Singh","year":"2023","journal-title":"Eur. J. Eng. Technol. Res."},{"key":"ref_24","unstructured":"TekSlate (2024, December 19). Okta vs. Auth0: Detailed Comparison. Available online: https:\/\/tekslate.com\/okta-vs-auth0."},{"key":"ref_25","unstructured":"Okta (2024, December 20). Okta: Identity for the Internet. Available online: https:\/\/www.okta.com\/."},{"key":"ref_26","unstructured":"Gluu (2024, December 20). Gluu\u2014Identity and Access Management. Available online: https:\/\/gluu.org\/?utm_source=saasworthy.com&utm_medium=cpc&utm_banner=2998550&sub1=2998550&visitorid=2998550."},{"key":"ref_27","unstructured":"Software, D. (2024, December 21). IdentityServer\u2014Secure Your Apps and APIs. Available online: https:\/\/duendesoftware.com\/products\/identityserver."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Sersemis, A., Papadopoulos, A., Spanos, G., Lalas, A., Votis, K., and Tzovaras, D. (2021, January 26\u201328). A Novel Cybersecurity Architecture for IoV Communication. Proceedings of the 25th Pan-Hellenic Conference on Informatics, Volos, Greece.","DOI":"10.1145\/3503823.3503889"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Guija, D., and Siddiqui, M.S. (2018, January 27\u201330). Identity and Access Control for micro-services based 5G NFV platforms. Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany.","DOI":"10.1145\/3230833.3233255"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Al Rahat, T., Feng, Y., and Tian, Y. (2024, January 14\u201318). AuthSaber: Automated Safety Verification of OpenID Connect Programs. Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security, Salt Lake City, UT, USA.","DOI":"10.1145\/3658644.3670318"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"James, M., Newe, T., O\u2019Shea, D., and O\u2019Mahony, G.D. (2024, January 13\u201314). Authentication and Authorization in Zero Trust IoT: A Survey. Proceedings of the 2024 35th Irish Signals and Systems Conference (ISSC), Belfast, UK.","DOI":"10.1109\/ISSC61953.2024.10603175"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Amiri, M.J., Agrawal, D., and El Abbadi, A. (2021, January 20\u201325). Permissioned Blockchains: Properties, Techniques and Applications. Proceedings of the 2021 International Conference on Management of Data, Virtual.","DOI":"10.1145\/3448016.3457539"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Sciullo, L., De Marchi, A., Gigli, L., Palmirani, M., and Vitali, F. (2024, January 4\u20136). AAA: A blockchain-based architecture for ethical, robust authenticated anonymity. Proceedings of the 2024 International Conference on Information Technology for Social Good, Bremen, Germany.","DOI":"10.1145\/3677525.3678676"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Jin, X., and Omote, K. (2024). An efficient blockchain-based authentication scheme with transferability. PLoS ONE, 19.","DOI":"10.1371\/journal.pone.0310094"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Alilwit, N. (2020). Authentication Based on Blockchain. [Ph.D. Thesis, Embry-Riddle Aeronautical University].","DOI":"10.1109\/IPCCC50635.2020.9391553"},{"key":"ref_36","unstructured":"Thakur, M. (2024, February 03). Authentication, Authorization and Accounting with Ethereum Blockchain, 2017. URN:NBN:fi:hulib-201711145693. Available online: https:\/\/helda.helsinki.fi\/items\/8d0dad04-07f5-4a0d-9ed7-64db26b1e960."},{"key":"ref_37","unstructured":"Kubernetes Documentation (2024, February 03). Kubernetes Concepts Overview. Available online: https:\/\/kubernetes.io\/docs\/concepts\/overview\/."},{"key":"ref_38","unstructured":"Wong, A.Y., Chekole, E.G., Ochoa, M., and Zhou, J. (2021). Threat Modeling and Security Analysis of Containers: A Survey. arXiv."},{"key":"ref_39","unstructured":"MaaS Alliance (2021). MaaS Market Playbook, MaaS Alliance. Available online: https:\/\/maas-alliance.eu\/wp-content\/uploads\/sites\/7\/2021\/03\/05-MaaS-Alliance-Playbook-FINAL.pdf."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Shrestha, R., and Bertin, E. (2023). Access Control for IoT: A Survey of Existing Research, Dynamic Policies and Future Directions. Sensors, 23.","DOI":"10.3390\/s23041805"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"274","DOI":"10.60087\/jklst.v3.n4.p274","article-title":"Navigating the Landscape of Kubernetes Security Threats and Challenges","volume":"3","author":"Kampa","year":"2024","journal-title":"J. Knowl. Learn. Sci. Technol."},{"key":"ref_42","unstructured":"Mullinix, S.P., Konomi, E., Townsend, R.D., and Parizi, R.M. (2020). On Security Measures for Containerized Applications Imaged with Docker. arXiv."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1016\/j.compeleceng.2018.06.006","article-title":"Recent security challenges in cloud computing","volume":"71","author":"Subramanian","year":"2018","journal-title":"Comput. Electr. Eng."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/9\/802\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T18:45:55Z","timestamp":1760035555000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/16\/9\/802"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,15]]},"references-count":43,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2025,9]]}},"alternative-id":["info16090802"],"URL":"https:\/\/doi.org\/10.3390\/info16090802","relation":{},"ISSN":["2078-2489"],"issn-type":[{"type":"electronic","value":"2078-2489"}],"subject":[],"published":{"date-parts":[[2025,9,15]]}}}