U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-204B

Attribute-based Access Control for Microservices-based Applications using a Service Mesh

Date Published: August 2021

Author(s)

Ramaswamy Chandramouli (NIST), Zack Butcher (Tetrate), Aradhna Chetal (TIAA)

Abstract

Keywords

attribute-based access control; authentication policy; authorization policy; CI/CD; DevSecOps; JSON web token; microservices-based application; mutual TLS; next generation access control; policy enforcement point; role-based access control; service mesh; service proxy; zero trust
Control Families

None selected

Documentation

Publication:
SP 800-204B (DOI)
Local Download

Supplemental Material:
None available

Other Parts of this Publication:
SP 800-204
SP 800-204A

Document History:
01/26/21: SP 800-204B (Draft)
08/06/21: SP 800-204B (Final)