A Performance Comparison of Authentication and Authorization Patterns for Microservices Applications
Resumo
The microservices architecture has gained prominence in modern software development due to its flexibility, scalability, and resilience. However, ensuring robust security measures within microservices environments remains a challenge. This paper presents an empirical study evaluating authentication and authorization patterns for microservice-based applications. Three distinct versions of a baseline application were developed, each implementing a different authentication and authorization pattern: edge-level, centralized service-level, and decentralized service-level. Performance and resource consumption metrics were collected and analyzed across API endpoints. Results indicate that decentralized mechanisms generally outperform centralized approaches in terms of response time and efficiency, although they are associated with a higher storage cost.Referências
Cardoso, R. (2024). Microservices Auth Benchmark. [link].
Cillium (2021). Hubble. [link].
Cloud Native Computing Foundation (2014). Prometheus. [link].
Costa, T., Vasconcelos, D., Aderaldo, C., and Mendonça, N. (2022). Avaliação de desempenho de dois padrões de resiliência para microsserviços: Retry e circuit breaker. In Anais do XL Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 517–530, Porto Alegre, RS, Brasil. SBC.
Dragoni, N., Giallorenzo, S., Lafuente, A. L., Mazzara, M., Montesi, F., Mustafin, R., and Safina, L. (2017). Microservices: yesterday, today, and tomorrow. Present and ulterior software engineering, pages 195–216.
Fernando, R. and Wickramaarachchi, D. (2022). Performance optimization of microservice applications under resource constrained environments. In 2022 International Research Conference on Smart Computing and Systems Engineering (SCSE), volume 5, pages 309–313.
Fowler, M. (2014). Microservices: a definition of this new architectural term. [link].
Guerrero, C., Lera, I., and Juiz, C. (2018). Resource optimization of container orchestration: a case study in multi-cloud microservices-based applications. The Journal of Supercomputing, 74(7):2956–2983.
Heinrich, R., Van Hoorn, A., Knoche, H., Li, F., Lwakatare, L. E., Pahl, C., Schulte, S., and Wettinger, J. (2017). Performance engineering for microservices: research challenges and directions. In Proceedings of the 8th ACM/SPEC on international conference on performance engineering companion, pages 223–226.
Miano, S., Risso, F., Bernal, M. V., Bertrone, M., and Lu, Y. (2021). A framework for ebpf-based network functions in an era of microservices. IEEE Transactions on Network and Service Management, 18(1):133–151.
Nasab, A. R., Shahin, M., Raviz, S. A. H., Liang, P., Mashmool, A., and Lenarduzzi, V. (2023). An empirical study of security practices for microservices systems. Journal of Systems and Software, 198:111563.
Newman, S. (2015). Building Microservices: Designing Fine-Grained Systems. O’Reilly Media, Inc.
OWASP (2017). Microservices Security Cheat Sheet. [link].
Pereira-Vale, A., Márquez, G., Astudillo, H., and Fernandez, E. B. (2019). Security mechanisms used in microservices-based systems: A systematic mapping. In 2019 XLV Latin American Computing Conference (CLEI), pages 01–10.
Sayfan, G. (2019). Hands-On Microservices with Kubernetes: Build, deploy, and manage scalable microservices on Kubernetes. Packt Publishing Ltd.
Sedghpour, M. R. S., Klein, C., and Tordsson, J. (2021). Service mesh circuit breaker: From panic button to performance management tool. In Proceedings of the 1st Workshop on High Availability and Observability of Cloud Systems, HAOC ’21, page 4–10, New York, NY, USA. Association for Computing Machinery.
Sedghpour, M. R. S. and Townend, P. (2022). Service mesh and ebpf-powered microservices: A survey and future directions. In 2022 IEEE International Conference on Service-Oriented System Engineering (SOSE), pages 176–184.
Triartono, Z., Negara, R. M., and Sussi (2019). Implementation of role-based access control on oauth 2.0 as authentication and authorization system. In 2019 6th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), pages 259–263.
Yarygina, T. and Bagge, A. H. (2018). Overcoming security challenges in microservice architectures. In 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE), pages 11–20. IEEE.
Cillium (2021). Hubble. [link].
Cloud Native Computing Foundation (2014). Prometheus. [link].
Costa, T., Vasconcelos, D., Aderaldo, C., and Mendonça, N. (2022). Avaliação de desempenho de dois padrões de resiliência para microsserviços: Retry e circuit breaker. In Anais do XL Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 517–530, Porto Alegre, RS, Brasil. SBC.
Dragoni, N., Giallorenzo, S., Lafuente, A. L., Mazzara, M., Montesi, F., Mustafin, R., and Safina, L. (2017). Microservices: yesterday, today, and tomorrow. Present and ulterior software engineering, pages 195–216.
Fernando, R. and Wickramaarachchi, D. (2022). Performance optimization of microservice applications under resource constrained environments. In 2022 International Research Conference on Smart Computing and Systems Engineering (SCSE), volume 5, pages 309–313.
Fowler, M. (2014). Microservices: a definition of this new architectural term. [link].
Guerrero, C., Lera, I., and Juiz, C. (2018). Resource optimization of container orchestration: a case study in multi-cloud microservices-based applications. The Journal of Supercomputing, 74(7):2956–2983.
Heinrich, R., Van Hoorn, A., Knoche, H., Li, F., Lwakatare, L. E., Pahl, C., Schulte, S., and Wettinger, J. (2017). Performance engineering for microservices: research challenges and directions. In Proceedings of the 8th ACM/SPEC on international conference on performance engineering companion, pages 223–226.
Miano, S., Risso, F., Bernal, M. V., Bertrone, M., and Lu, Y. (2021). A framework for ebpf-based network functions in an era of microservices. IEEE Transactions on Network and Service Management, 18(1):133–151.
Nasab, A. R., Shahin, M., Raviz, S. A. H., Liang, P., Mashmool, A., and Lenarduzzi, V. (2023). An empirical study of security practices for microservices systems. Journal of Systems and Software, 198:111563.
Newman, S. (2015). Building Microservices: Designing Fine-Grained Systems. O’Reilly Media, Inc.
OWASP (2017). Microservices Security Cheat Sheet. [link].
Pereira-Vale, A., Márquez, G., Astudillo, H., and Fernandez, E. B. (2019). Security mechanisms used in microservices-based systems: A systematic mapping. In 2019 XLV Latin American Computing Conference (CLEI), pages 01–10.
Sayfan, G. (2019). Hands-On Microservices with Kubernetes: Build, deploy, and manage scalable microservices on Kubernetes. Packt Publishing Ltd.
Sedghpour, M. R. S., Klein, C., and Tordsson, J. (2021). Service mesh circuit breaker: From panic button to performance management tool. In Proceedings of the 1st Workshop on High Availability and Observability of Cloud Systems, HAOC ’21, page 4–10, New York, NY, USA. Association for Computing Machinery.
Sedghpour, M. R. S. and Townend, P. (2022). Service mesh and ebpf-powered microservices: A survey and future directions. In 2022 IEEE International Conference on Service-Oriented System Engineering (SOSE), pages 176–184.
Triartono, Z., Negara, R. M., and Sussi (2019). Implementation of role-based access control on oauth 2.0 as authentication and authorization system. In 2019 6th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI), pages 259–263.
Yarygina, T. and Bagge, A. H. (2018). Overcoming security challenges in microservice architectures. In 2018 IEEE Symposium on Service-Oriented System Engineering (SOSE), pages 11–20. IEEE.
Publicado
25/05/2026
Como Citar
CARDOSO, Rafael F.; NOBRE, Jéferson C..
A Performance Comparison of Authentication and Authorization Patterns for Microservices Applications. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 31. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 1-14.
ISSN 2595-2722.
DOI: https://doi.org/10.5753/wgrs.2026.23895.
