Towards Multi-party Policy-based Access Control in Federations of Cloud and Edge Microservices

The development and deployment of microservices and containers come with a promise of flexibility by embracing heterogeneity and reducing the amount of communication and coordination between service teams. However, when such software ecosystems are developed in large organizations with a high degree of independence, and deployed in the cloud and at the edge, security becomes a non-trivial concern. The challenge that we address in this work is the delegated management of access control decisions to multiple stakeholders in continuously evolving federations of cloud and edge microservices. To ensure that user-centric access control remains sustainable in such complex service delivery models, we present a dynamic granular access control solution on top of different authorization frameworks. By leveraging microservice technologies, our solution is flexible, scalable, and contextual, and can adhere to the security needs of different stakeholders in microservice federations - from DevOps teams to common end-users - with the necessary agility to respond to exceptional security circumstances.