Good points about RBAC and ABAC, although my concern is now the gateway must know what capabilities are possible within the service. It seems like a lot of work, indeed.
> the rule for microservices that I know of, is that they must have their own database, not their own table.
That's the rule for microservices that I'm familiar with too, which is why I found the assertion elsewhere that microservices should just be "one table" pretty odd.
The simplest path is often auth offloaded onto STS or something like that with more complicated permissions needs handled by the services internally, if necessary (often it's not needed).