CAPODAZ: A Containerised Authorisation and Policy-driven Architecture using Microservices

Abstract: The microservices architectural approach has important benefits regarding the agile applications' development and the delivery of complex solutions. However, to convey the information and share the data amongst services in a verifiable and stateless way, there is a need to enable appropriate access control methods and authorisations. In this paper, we study the use of policy-driven authorisations with independent fine-grained microservices in the case of a real-world machine-to-machine (M2M) scenario using a hybrid cloud-based infrastructure and Internet of Things (IoT) services. We also model the authentication flows which facilitate the message exchanges between the involved entities, and we propose a containerised authorisation and policy-driven architecture (CAPODAZ) using the microservices paradigm. The proposed architecture implements a policy-based management framework and integrates in an on-going work regarding a Cloud-IoT intelligent transportation service. For the in-depth quantitative evaluation, we treat multiple distributions of users' populations and assess the proposed architecture against other similar microservices. The numerical results based on the experimental data show that there exists significant performance preponderance in terms of latency, throughput and successful requests.