Zero-Trust Architecture in Java Microservices
Article Original Website Link: https://www.academicpublishers.org/journals/index.php/ijns/article/view/5451Keywords:
Zero-Trust Architecture, Java Microservices, Spring Security, OAuth 2.0Abstract
Securing inter-service communication and data access has become crucial as microservices become the architectural standard in enterprise software development. In dynamic, cloud-native systems, traditional perimeter-based security solutions are no longer adequate. The Zero-Trust Architecture (ZTA) in Java-based microservices is thoroughly examined in this study. We go over the fundamentals of ZTA, look at how it applies to microservices, and offer thorough methods for implementing zero-trust policies with industry-standard frameworks and tools like OAuth 2.0, Istio, and Spring Security. Additionally, a case study showing how ZTA is implemented in a distributed Java microservices application is provided.
References
NIST Special Publication 800-207, "Zero Trust Architecture," National Institute of Standards and Technology, 2020.
R. Chandramouli, “Zero Trust Architecture Design Principles,” NIST.
Spring Security Reference, https://docs.spring.io/spring-security/
Istio Security Guide, https://istio.io/latest/docs/concepts/security/
OAuth 2.0 Framework, https://datatracker.ietf.org/doc/html/rfc6749
OpenID Connect Core 1.0, https://openid.net/specs/openid-connect-core-1_0.html
“Securing Microservices with Istio and Mutual TLS,” CNCF, 2021.
Keycloak Documentation, https://www.keycloak.org/documentation
GitHub - Java JWT Libraries, https://github.com/jwtk/jjwt
“Zero Trust Security for Microservices,” InfoQ, https://www.infoq.com/articles/zero-trust-microservices/
