Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: NIST SP 800-204B

Australian Cybersecurity Magazine -

Cloud-native applications now consist of loosely coupled components (microservices), with all application services (e.g., authentication, authorization, load balancing, etc.) provided through a dedicated infrastructure (service mesh) independent of the application code.

The requirements of the authorisation service in this environment are: (a) to build the concept of zero trust by enabling all authorizations for every interaction to be based on the identity of the user, service, or device irrespective of the location or nature of the requesting service and (b) a robust access control mechanism based on an expressive access control model such as Attribute-based Access Control (ABAC) that can be used to express a wide set of policies and is scalable in terms of the user base, objects (resources), and deployment environment.

NIST announces the publication of NIST Special Publication (SP) 800-204B, Attribute-based Access Control for Microservices-based Applications using a Service Mesh.  Its purpose is to provide guidance for building an

The post Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: NIST SP 800-204B was originally published at Australian Cybersecurity Magazine.

Read More.....