
Attribute-based Access Control for Microservices-based Applications Using a Service Mesh: Draft SP 800-204B is Available for Comment
January 27, 2021

The deployment architecture of cloud-native applications now consists of loosely coupled components (microservices), with all application services provided through a dedicated infrastructure (service mesh) that is independent of the application code. Two critical security requirements in this architecture are (a) implementing the concept of zero trust by enabling mutual authentication in communication between any pair of services and (b) a robust access control mechanism based on an access control model such as Attribute-based Access Control (ABAC), which can express a wide set of policies and is scalable in terms of user base, objects (resources), and deployment environment.

Today, NIST is releasing Draft NIST Special Publication (SP) 800-204B, Attribute-based Access Control for Microservices-based Applications using a Service Mesh, for public comment. Its purpose is to provide guidance for building an ABAC-based deployment within the service mesh that meets the requirements stated above. The draft also discusses the security assurance provided by the deployment, the supporting infrastructure needed, and the advantages of Next Generation Access Control (NGAC), the ABAC model representation developed at NIST that is used in the deployment.

The public comment period for this document ends February 24, 2021. See the publication details for a copy of the document and instructions for submitting comments.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Created January 27, 2021