Access control in microservice architectures

Assignee

• International Business Machines Corporation · US

Inventors

• Vincent Burckhardt · Clonee, IE
• Andre Fischer · Hamburg, DE
• Olgierd Stanislaw Pieczul · Dublin, IE
• Jürgen Schmidt · Paderborn, DE
• Xiao Feng Yu · Shanghai, CN

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04W12/08
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A method, system and computer program product relating to an application server operable to manage a microservice-based application, i.e. app, on behalf of clients, the clients being available for use by system actors who may be, for example, end users, bots, developers or other apps. A permissions validator is used to compute effective permissions in response to client requests. The requests are granted or denied conditional on the effective permissions being at least a subset of the permissions required to be given by any of the app's microservices that are needed for the resource being requested. The effective permissions are computed from an intersection of a set of actor permissions, a set of client permissions and a set of resource permissions.