Authentication & authorization service built on the modern Java stack around zero-trust principles: never trust, always verify; deny by default; least privilege; assume breach.