blog

SEAN K.H. LIAO

scenarios

service authn authz

The service handles authn and authz by itself. The network just routes everything to it.

Advantages:

Disadvantages:

service authn authz external identity

The service handles authn and authz, but delegates authn to an external identity provider. The network just routes everything to it.

Advantages:

Disadvantages:

network authn service authz

The network handles authn, blocking/redirecting requests to be authenticated first. The service trusts the identity provided by the network, ex: as headers/jwt. The service decides on authz based on provided identity.

Advantages:

Disadvantages:

network authn authz

The network handles authn and also authz, deciding if requests should pass to service. The service trusts all requests as valid.

Advantages:

Disadvantages: