An Extensible and Secure Architecture based on Microservices

Abstract

In the Internet of Things (IoT) scenario, the distributed cross-domain nature of microservices needs secure token service (STS), key management and encryption services for authentication and authorization, and secure communication protocols. Similarly, the nature of clustered containers (in which microservices are implemented) calls for secure service discovery. The availability requirement calls for: (a) resiliency techniques, such as load balancing, circuit breaking, and throttling, and (b) continuous monitoring (for the health of the service). The service mesh is the best-known approach that can facilitate the specification of these requirements at a level of abstraction such that it can be uniformly and consistently defined while also being effectively implemented without making changes to individual microservice code. The purpose of this work is to provide deployment guidance for a robust security infrastructure for supporting microservices-based applications.