CAPODAZ: A Containerised Authorisation and Policy-driven Architecture using Microservices
This addresses access control challenges in microservices for IoT and cloud-based systems, but it is incremental as it builds on existing policy-driven and microservices paradigms.
The paper tackled the problem of enabling verifiable and stateless access control in microservices architectures for machine-to-machine scenarios, proposing CAPODAZ, a containerised authorisation and policy-driven architecture, and showed significant performance improvements in latency, throughput, and successful requests based on experimental data.
The microservices architectural approach has important benefits regarding the agile applications' development and the delivery of complex solutions. However, to convey the information and share the data amongst services in a verifiable and stateless way, there is a need to enable appropriate access control methods and authorisations. In this paper, we study the use of policy-driven authorisations with independent fine-grained microservices in the case of a real-world machine-to-machine (M2M) scenario using a hybrid cloud-based infrastructure and Internet of Things (IoT) services. We also model the authentication flows which facilitate the message exchanges between the involved entities, and we propose a containerised authorisation and policy-driven architecture (CAPODAZ) using the microservices paradigm. The proposed architecture implements a policy-based management framework and integrates in an on-going work regarding a Cloud-IoT intelligent transportation service. For the in-depth quantitative evaluation, we treat multiple distributions of users' populations and assess the proposed architecture against other similar microservices. The numerical results based on the experimental data show that there exists significant performance preponderance in terms of latency, throughput and successful requests.