Authentication and Authorization in Microservice-Based Systems: Survey of Architecture Patterns

Abstract

Abstract Objective. Service-oriented architecture and its microservice-based approach increase an attack surface of applications. Exposed microservices become a pivot point for advanced persistent threats and completely change the threat landscape. Correctly implemented authentication and authorization architecture patterns are basis of any software maturity program. The aim of this study is to provide a helpful resource to application security architect and developers on existing architecture patterns to implement authentication and authorization in microservices-based systems. Method. In this paper, we conduct a systematic review of major electronic databases and libraries as well as security standards and presentations at the major security conferences. Results and practical relevance. In this work based on research papers and major security conferences presentations analysis, we identified industry best practices in authentication and authorization patterns and its applicability depending on environment characteristic. For each described patterns we reviewed its advantages and disadvantages that could be used as decision-making criteria for application security architects during architecture design phase.