While a microservices architecture has varying degrees of component granularity, the goal of dividing the application into individual services means the runtime authorization integration must adapt accordingly.
As part of our award-winning solution, the Axiomatics Policy Decision Point (PDP) uses policies and attribute data supplied by a Policy Information Point (PIP) to decide whether an attempted resource access should be permitted or denied.
The PDP is provided as a REST/JSON-based microservice built with cloud-native principles. Enforcement is handled by Policy Enforcement Points (PEPs), which are necessarily environment-specific because their job is to intercept attempts to access a resource.
This means the enforcement point must be relatively tightly coupled to the resource it is protecting.
In a traditional monolithic application, runtime authorization policies can be served and orchestrated from one policy decision point (PDP).
However, as the application is broken down into a microservice architecture, there are multiple options to integrate the PDP as part of the microservice.
For applications built with microservices, enforcement can be done either through a proxy as part of a service mesh (e.g. Envoy) or an embedded agent (PEP) in the microservices.
Additionally, you could deploy a proxy as a sidecar or as a more centralized service at the node or the cluster level, depending on your scalability needs.
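A minimal sketch of the embedded-agent option described above, added here as an illustration and not Axiomatics code: a PEP wrapper intercepts a handler call, asks the PDP for a decision as JSON, and runs the handler only on an explicit Permit. The request and response field names, `make_pep`, and the in-process `demo_pdp` stand-in are assumptions for this example, not the product's API.

```python
import json
from functools import wraps

class AccessDenied(Exception):
    """Raised by the PEP when the PDP does not return an explicit Permit."""

def make_pep(ask_pdp):
    """Build an embedded PEP. `ask_pdp` takes and returns a JSON string; in a
    deployment it would be the HTTP call to the PDP microservice (assumption)."""
    def protect(action, resource_type):
        def decorator(handler):
            @wraps(handler)
            def guarded(subject, resource_id, *args, **kwargs):
                request = json.dumps({
                    "subject": subject, "action": action,
                    "resource": {"type": resource_type, "id": resource_id}})
                try:
                    decision = json.loads(ask_pdp(request)).get("decision")
                except Exception:
                    decision = None  # PDP unreachable or malformed reply
                # Anything other than an explicit Permit blocks the call.
                if decision != "Permit":
                    raise AccessDenied(f"{action} on {resource_type}/{resource_id}")
                return handler(subject, resource_id, *args, **kwargs)
            return guarded
        return decorator
    return protect

OWNERS = {"inv-1": "alice"}  # constructed sample attribute data

def demo_pdp(request_json):
    """Constructed stand-in for the PDP: owners may do anything, auditors may read."""
    req = json.loads(request_json)
    is_owner = req["subject"]["id"] == OWNERS.get(req["resource"]["id"])
    is_auditor = req["subject"].get("role") == "auditor" and req["action"] == "read"
    return json.dumps({"decision": "Permit" if is_owner or is_auditor else "Deny"})

def unreachable_pdp(request_json):
    """Constructed failure case: the PDP cannot be contacted."""
    raise ConnectionError("PDP unreachable")

protect = make_pep(demo_pdp)

@protect(action="read", resource_type="invoice")
def read_invoice(subject, resource_id):
    return f"invoice {resource_id} contents"
```

The PEP stays coupled to the handler it wraps, while the policy itself lives only in the PDP; swapping `demo_pdp` for a network client changes nothing in the protected code.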
Meet with us and see how our award-winning solution can help you meet today's access control and Zero Trust needs.