How to secure microservice applications with role-based access control? (4/7)

Foto Source: Nataliya Vaitkevich (www. pexels.com) Option: JWT In the previous blog part (part 3) we have used  BasicAuthentication for transferring credentials which are then enforced in the requested service. This approach has several disadvantages. First and foremost, each service has access to user credentials. Thus, if one service is hacked, all services are impacted. […]

How to secure microservice applications with role-based access control? (5/7)

Foto Source: Ron Lach (www.pexels.com) Option: OpenID & Keycloak In the previous blog (part 4), we have introduced JSON Web Token to allow more transparent and convenient authentication and access management. In this blog (part 5), we will explore how we can extend the concept of a JWT to achieve even better standardization through oAuth2 […]

How to secure microservice applications with role-based access control? (1/7)

Foto Source: Life of Pix (www.pixels.com) Role-based Access Control (shortly RBAC) is one of the first things that come to mind if you think about security. But how can you do this consistently, without overburdening developers and IT-operation? And how can this be done in the context of micro-services architectures or – more generally speaking […]