Spivak 3 days ago

That's immediately what I thought of. You'll never be able to satisfy this rule when every service has lines pointing to auth.

You'll probably also have lines pointing to your storage service or database even if the data is isolated between them. You could have them all be separate, but that's a waste when you can leverage, say, a big Ceph cluster.

spyspy 3 days ago | parent [-]

The trick I've used is the N1 (gateway) service handles all AuthN and proxies that information to the upstream services to allow them to handle AuthZ. N+ services only accept requests signed by N1 - the original authentication info is removed.
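
The pattern described in the comment above, as an added example that is not code from the thread: the gateway authenticates, strips the original credential, and forwards an HMAC-signed identity that upstream services verify before doing their own AuthZ. The header names, the shared key, the 30-second lifetime and `demo_authenticate` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"  # assumption: secret shared by N1 and the N+ services
ID_HDR, SIG_HDR = "x-gateway-identity", "x-gateway-signature"  # hypothetical header names
MAX_AGE = 30  # seconds a signed identity stays valid (assumed value)

def _sign(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def gateway_forward(headers, authenticate, key=GATEWAY_KEY, now=None):
    """N1: do AuthN, drop the caller's credential, attach a signed identity."""
    h = {k.lower(): v for k, v in headers.items()}
    identity = authenticate(h.get("authorization"))
    if identity is None:
        raise PermissionError("authentication failed")
    # Remove the original credential and any identity headers the client supplied itself.
    out = {k: v for k, v in h.items() if k not in ("authorization", ID_HDR, SIG_HDR)}
    claims = dict(identity, iat=int(time.time() if now is None else now))
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
    out[ID_HDR], out[SIG_HDR] = payload, _sign(payload, key)
    return out

def upstream_identity(headers, key=GATEWAY_KEY, now=None):
    """N+: accept only gateway-signed requests; return the claims for local AuthZ."""
    h = {k.lower(): v for k, v in headers.items()}
    payload, sig = h.get(ID_HDR, ""), h.get(SIG_HDR, "")
    # Constant-time comparison; bytes on both sides so odd header values cannot raise.
    if not payload or not hmac.compare_digest(sig.encode(), _sign(payload, key).encode()):
        raise PermissionError("request not signed by gateway")
    claims = json.loads(base64.urlsafe_b64decode(payload))
    age = (time.time() if now is None else now) - claims["iat"]
    if not 0 <= age <= MAX_AGE:
        raise PermissionError("stale identity assertion")
    return claims

def demo_authenticate(credential):
    """Constructed stand-in for the gateway's real AuthN backend."""
    users = {"Bearer alice-token": {"sub": "alice", "roles": ["billing:read"]}}
    return users.get(credential)
```
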