CISSP PRACTICE QUESTIONS – 20220209

Effective CISSP Questions

You are implementing a web application with a backend of microservices architecture. Which of the following is the best solution used to authenticate communication between microservices? (Wentz QOTD)
A. PKI
B. OIDC
C. OAuth2
D. API Gateway


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. PKI.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

API Gateway and Service Mesh (Source: Liran Katz)

The critical point of this question is the communication between microservices. Public key infrastructure (PKI) supports mutual authentication, which is commonly implemented in microservices architectures: microservices communicate over TLS and authenticate each other based on certificates.
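The mutual authentication described above, as an added Go example that is not part of the original post: a private CA issues certificates to two services, and the server side of the TLS handshake accepts only callers that present a certificate from that CA. The service names and the `Issue` and `Authenticate` helpers are assumptions made for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Issue makes a demo certificate (errors ignored for brevity): a self-signed CA when parent is nil, else a service cert signed by parent.
func Issue(name string, parent *tls.Certificate) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	signer, signKey := tpl, any(key)
	if parent != nil {
		signer, signKey, tpl.KeyUsage = parent.Leaf, parent.PrivateKey, x509.KeyUsageDigitalSignature
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, signer, pub, signKey)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// Authenticate runs a mutual-TLS handshake over an in-memory pipe and returns the caller name the server verified.
func Authenticate(ca, server tls.Certificate, client ...tls.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(ca.Leaf)
	cliCfg := &tls.Config{RootCAs: pool, ServerName: server.Leaf.DNSNames[0], Certificates: client}
	a, b := net.Pipe()
	defer b.Close()
	b.SetDeadline(time.Now().Add(3 * time.Second)) // safety net: never hang on the unbuffered pipe
	go func() { defer a.Close(); c := tls.Client(a, cliCfg); c.Handshake(); c.Read(make([]byte, 1)) }()
	srv := tls.Server(b, &tls.Config{Certificates: []tls.Certificate{server}, ClientCAs: pool,
		ClientAuth: tls.RequireAndVerifyClientCert, SessionTicketsDisabled: true}) // demand a CA-issued client cert
	if err := srv.Handshake(); err != nil {
		return "", err // the caller sent no certificate, or none issued by the trusted CA
	}
	return srv.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}

func main() {
	ca := Issue("demo-ca", nil)
	fmt.Println(Authenticate(ca, Issue("inventory.internal", &ca), Issue("orders.internal", &ca)))
}
```

The server setting that enforces mutual authentication is `ClientAuth: tls.RequireAndVerifyClientCert` together with `ClientCAs`; without it, TLS authenticates only the server side.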

The clients of microservices can authenticate to an IdP via OIDC, while OAuth2 supports authorization.

The API gateway typically mediates the communication between clients and microservices.



