Easy security management over microservices architectures based on OpenAPI Specification





Publicado en

Actas de las XV Jornadas de Ciencia e Ingeniería de Servicios (JCIS 2019)

Licencia Creative Commons


Nowadays, many developers around the world use RESTful APIs along microservices architectures. These APIs are increasingly being described using the OpenAPI Specification standard. Moreover, they usually require some level of security. However, maintaining security settings across the entire architecture can be a time-consuming task. For example, adding a new role to the application may lead to modifying the settings for each API. This approach presents various drawbacks, such as low scalability. We have found this problem while working on an institutional web page. This is why we are developing an extension for OpenAPI which allows for easier security management on microservices applications. Furthermore, the in-progress Node.js module will perform automatic validation of JSON Web Tokens. JWTs are a simple and standard way to implement access control. Using them along with the aforementioned extension will greatly reduce development time. By providing some configuration parameters, a single API or a whole infrastructure will be more secure. This will also cause bigger applications to be more scalable and easy to maintain.


Acerca de Fresno-Aranda, Rafael

Palabras clave

API, Extension, Microservices, OpenAPI, REST, Security, Standard
Página completa del ítem
Notificar un error en este artículo
Mostrar cita
Mostrar cita en BibTeX
Descargar cita en BibTeX