Murilo Góes de Almeida scite author profile

Murilo Góes de Almeida

3Publications

7Citation Statements Received

21Citation Statements Given

How they've been cited

How they cite others

Affiliations

University of Brasília

Publications

Order By: Most citations

Authentication and Authorization in Microservices Architecture: A Systematic Literature Review

Almeida

Canedo

2022

Applied Sciences

View full text Add to dashboard Cite

The microservice architectural style splits an application into small services, which are implemented independently, with their own deployment unit. This architecture can bring benefits, nevertheless, it also poses challenges, especially about security aspects. In this case, there are several microservices within a single system, it represents an increase in the exposure of the safety surface, unlike the monolithic style, there are several applications running independently and must be secured individually. In this architecture, microservices communicate with each other, sometimes in a trust relationship. In this way, unauthorized access to a specific microservice could compromise an entire system. Therefore, it brings a need to explore knowledge about issues of security in microservices, especially in aspects of authentication and authorization. In this work, a Systematic Literature Review is carried out to answer questions on this subject, involving aspects of the challenges, mechanisms and technologies that deal with authentication and authorization in microservices. It was found that there are few studies dealing with the subject, especially in practical order, however, there is a consensus that communication between microservices, mainly due to its individual and trustworthy characteristics, is a concern to be considered. To face the problems, mechanisms such as OAuth 2.0, OpenID Connect, API Gateway and JWT are used. Finally, it was found that there are few open-source technologies that implement the researched mechanisms, with some mentions of the Spring Framework.

show abstract

A Digital Signature Model Using XAdES Standard as a Rest Service

2021

View full text Add to dashboard Cite

The digital signature of documents and degrees is a topic widely discussed in the Federal Public Administration. Several laws and ordinances were created to standardize the issuance, validation and legal validity of digitally signed documents in national territory, such as the ordinances created by the Ministry of Education (MEC) to regulate the issuance of degrees in digital format. These ordinances created guidelines and standards that must be adopted by Federal Universities for the signing of in digital format. The main objective of this work is to study these ordinances, the main technologies and digital signature standards used in the literature to create a digital signature system model for University of Brasília-UnB, which complies with the MEC and ICP-Brazil standards. Moreover, the model must be developed with the main standards and technologies in the market, cohesive to the current UnB architecture, easy to maintain and update to new standards that may emerge, and also be a fully open source project. An architectural model and a prototype in Java language were developed using XAdES4j library as a microservice intermediated by the bus used in UnB. The prototype developed was compared with the current digital signature system named C3Web. The comparative tests and results between the two solutions showed that the current system used in UnB does not perform the signature in accordance with the standard proposed by the MEC, in addition to being a private system using proprietary technologies for the execution of digital signatures. The tests performed with the proposed model demonstrated that it performs the digital signature in accordance with the XAdES-T standard, regulations of the MEC and ICP-Brazil. In addition, the solution presented a performance comparable to the current system used by UnB with a little more effective security than the current system used. The current model developed in this work can be a basis for the creation of future subscription systems for Brazilian Universities.

show abstract

The Adoption of Microservices Architecture as a Natural Consequence of Legacy System Migration at Police Intelligence Department

Almeida

Canedo

2022

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.