I’m trying to choose an authentication/authorization strategy for some Docker services that all run on a single Linux IoT device. There are N first-party services and a single third-party service, each running in its own Docker container, all on the same shared Docker network so they can communicate with each other.
I need to be able to authorize some endpoints being called inside the first-party services. Really, I just need to make sure the third-party service can’t call certain endpoints on the first-party services.
Since each service has its own DNS entry within Docker, would it be viable to use the caller endpoint for authentication? For example, since I know a call from ‘my-service-one’ is one of the first-party services, any requests from it would get the ‘Admin’ role and could make calls to the /admin endpoint.
I have some other ideas, but since this is all running on an IoT device, I want a way for the services to be able to run when there is no internet connection for an extended period of time.
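To make the idea in the question concrete, here is an added example (not code from the original post) of a tiny HTTP service that derives the caller's role from the calling container's Docker DNS name, looked up by reverse DNS on the peer IP, and gates `/admin` on the `Admin` role. The service names `my-service-one`, `my-service-two` and the role table are assumptions for illustration; it also assumes Docker's embedded DNS answers PTR queries for containers on the shared user-defined network. Unresolvable or unknown callers fail closed to `Guest`, which is the property that matters: whatever identity you derive from network position is only as trustworthy as the network itself, so this works offline but relies on nothing else being able to join that Docker network or spoof a source address on it.

```python
"""Added example: authorize requests by the calling container's Docker DNS
name, resolved from the peer IP via reverse DNS. Names and roles below are
illustrative assumptions, not values from the original post."""
import socket
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Callable, Optional

# Assumed first-party service names on the shared Docker network.
FIRST_PARTY_SERVICES = {"my-service-one", "my-service-two"}

# Endpoint prefixes that require the Admin role.
ADMIN_PREFIXES = ("/admin",)

# A resolver maps a peer IP to a service name (or None if it cannot be resolved).
Resolver = Callable[[str], Optional[str]]


def docker_reverse_dns(peer_ip: str) -> Optional[str]:
    """Map a peer IP to its container/service name via Docker's embedded DNS.

    Assumption: Docker's embedded DNS returns a PTR record such as
    'my-service-one.mynet' for containers on a user-defined network.
    """
    try:
        hostname, _aliases, _addrs = socket.gethostbyaddr(peer_ip)
    except (socket.herror, socket.gaierror, OSError):
        return None
    # Keep only the service label, dropping the network suffix.
    return hostname.split(".")[0]


def role_for_peer(peer_ip: str, resolver: Resolver = docker_reverse_dns) -> str:
    """Return 'Admin' for known first-party callers, 'Guest' for everything else.

    Peers that cannot be resolved are treated as untrusted (fail closed).
    """
    name = resolver(peer_ip)
    if name is not None and name in FIRST_PARTY_SERVICES:
        return "Admin"
    return "Guest"


def is_authorized(role: str, path: str) -> bool:
    """Only Admin may reach /admin paths; other paths are open to any caller."""
    if path.startswith(ADMIN_PREFIXES):
        return role == "Admin"
    return True


class Handler(BaseHTTPRequestHandler):
    """Minimal request handler applying the role check to every GET."""

    def do_GET(self):
        # client_address[0] is the peer IP of the calling container.
        role = role_for_peer(self.client_address[0])
        if not is_authorized(role, self.path):
            self.send_error(403, "forbidden for role %s" % role)
            return
        body = ("hello, role=%s" % role).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Listen on the container's interface; other containers reach it by service name.
    HTTPServer(("0.0.0.0", 8080), Handler).serve_forever()
```

The resolver is injected into `role_for_peer` so the policy can be exercised outside Docker with a constructed IP-to-name table; in production the default `docker_reverse_dns` is used. Because the check keys on the peer's address rather than on anything the caller sends, a client cannot gain `Admin` simply by setting a header, but any process that can obtain a first-party container's address on the shared network (for example by running inside that container) inherits its role, which is the limit of this approach.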