Draft NIST Special Publication 800 -204B 1 2 Attribute -based Access Control for 3 Microservices -based Applications 4 Using a Service Mesh 5 6 7 8 Ramaswamy Chandramouli 9 Zack Butcher 10 Aradhna Chetal 11 12 13 14 This publication is available free of charge from: 15 https://doi.org/10.6028/NIST.SP.800- 204B -draft 16 Draft NIST Special Publication 800 -204B 17 18 Attribute -based Access Control for 19 Microservices -based Applications 20 Using a Service Mesh 21 22 Ramaswamy Chandramouli 23 Computer Security Division 24 Information Technology Laboratory 25 Zack Butcher 26 Tetrate 27 San Francisco, CA 28 Aradhna Chetal 29 TIAA 30 New York, NY 31 32 This publication is available free of charge from: 33 https://doi.org/10.6028/ NIST.SP.800- 204B -draft 34 35 January 2021 36 37 38 39 U.S. Department of Commerce 40 Wynn Coggins , Acting Secretary 41 42 National Institute of Standards and Technology 43 James K. Olthoff , Performing the Non -Exclusive Functions and Duties of the Under Secretary of Commerce 44 for Standards and Technology & Director, National Institute of Standards and Technology 45 Authority 46 This publication has been developed by NIST in accordance with its statutory responsibilities under the 47 Federal Information Security M odernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq. , Public Law 48 (P.L.) 113 -283. NIST is responsible for developing information security standards and guidelines, incl uding 49 minimum requirements for f ederal information systems, but such standards and guidelines shall not apply 50 to national security systems without the express approval of appropriate f ederal officials exercising policy 51 authority over such systems. This guideline is consistent with the requirements of the Office of Management 52 and Budget (OMB) Circular A -130. 53 Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and 54 binding on f ederal agencies by the Secretary of Commerce under statutory authority. Nor should these 55 guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, 56 Director of the OMB, or any other f ederal official. This publication may be used by nongovernmental 57 organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, 58 however, be appreciated by NIST. 59 National Institute of Standards and Technology Special Publication 800-204B 60 Natl. Inst. Stand. Technol. Spec. Publ. 800- 204B, 37 pages (January 2021 ) 61 CODEN: NSPUE2 62 This publication is available free of charge from: 63 https://doi.org/10.6028/NIST.SP.800 -204B -draft 64 Certain commercial entities, equipment, or materials may be identified in this document in order to describe an 65 experimental procedure or concept adequately. Such identification is not intended to imply recommendation or 66 endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best 67 available for the purpose. 68 There may be references in this publication to other publications currently under development by NIST in accordance 69 with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, 70 may be used by federal agencies even before the completion of such compa nion publications. Thus, until each 71 publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For 72 planning and transition purposes, federal agencies may wish to closely follow the development of these new 73 publications by NIST. 74 Organizations are encouraged to review all draft publications during public comment periods and provide feedback to 75 NIST. All NIST Computer Security Division publications, other than the ones noted above,