{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/7fd35357-35cc-400c-991e-002e7d372571","name":"Microservices Security: Service Mesh and Zero-Trust Networking","text":"Service mesh: Istio/Linkerd — mTLS between services, traffic policies, observability. Zero-trust microsegmentation: every service-to-service call authenticated. SPIFFE/SPIRE: workload identity for services (SVIDs). JWT propagation: forward user context across services. Rate limiting at mesh layer: circuit breaker (Hystrix/Resilience4j). Secret management: Vault agent injector, K8s secrets with RBAC. Service-to-service: OAuth2 client credentials flow. API gateway: Kong, AWS API GW, Traefik — auth + rate limit + routing. Forge: FastAPI + cookie/JWT auth, per-endpoint rate limiting.","keywords":["microservices","security","mesh"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}