Authentication and authorization in microservice-based systems: survey of architecture patterns
share
Context. Service-oriented architecture and its microservice-based approach increase an attack surface of applications. Exposed microservices become a pivot point for advanced persistent threats and completely change the threat landscape. Correctly implemented authentication and authorization architecture patterns are basis of any software maturity program. Objective. The aim of this study is to provide a helpful resource to application security architect and developers on existing architecture patterns to implement authentication and authorization in microservices-based systems. Method. In this paper, we conduct a review of major electronic databases and libraries as well as security standards and presentations at the major security conferences. Results. In this work based on research papers and major security conferences presentations analysis we identified industry best practices in authentication and authorization patterns and its applicability depending on environment characteristic. For each described patterns we reviewed its advantages and disadvantages that could be used as decision-making criteria for application security architects during architecture design phase.
READ FULL TEXT