Intermediate → Advanced · 26 min read · Topic 9.4

Security in system design

AuthN/AuthZ, OAuth 2.0, JWT, mTLS, secrets management, DDoS protection, zero trust

🔐 Key Takeaways

  1. AuthN (who are you?) via OAuth 2.0 / OIDC; AuthZ (what can you do?) via RBAC, ABAC, or policy engines
  2. JWT tokens: stateless auth — base64url-encoded header.payload.signature. Verify the signature without a DB lookup.
  3. mTLS: both client and server authenticate — standard for microservice-to-microservice communication
  4. Zero Trust: never trust, always verify — every request is authenticated regardless of network location

Security as a First-Class Concern

Security in system design isn't an afterthought — it's a fundamental design constraint. In interviews, mentioning security considerations (encryption, auth, rate limiting, DDoS protection) shows maturity.

The key principle: defense in depth. Don't rely on a single security layer. Combine network security, application security, data encryption, and monitoring.

Security Topics

OAuth 2.0 / OIDC

OAuth 2.0 is an authorization framework — it grants access tokens but does not, by itself, tell the application who the user is.

OpenID Connect (OIDC) adds authentication on top of OAuth 2.0 — it provides an ID token (a JWT) carrying the user's identity claims.

Flows: Authorization Code (server-side web apps), Client Credentials (service-to-service), Authorization Code with PKCE (mobile apps and SPAs, which cannot keep a client secret).

JWT

Structure: base64url(header).base64url(payload).base64url(signature). Self-contained — the payload carries the user ID, roles, and expiry.

Advantage: Stateless — any service holding the verification key checks the signature locally, with no DB lookup. Fast for microservices.

Downsides: Can't be revoked server-side before it expires without extra state. Keep tokens short-lived (15 min) and pair them with refresh tokens. Never put sensitive data in the payload (it's just base64url, not encrypted — anyone holding the token can read it).
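The JWT mechanics described above (signed base64url parts, a stateless signature check, short expiry, and a blocklist as the revocation workaround), as an added Python example that is not part of the original page; the demo HMAC key, the `jti`/`roles` claim names and the `revoked` blocklist are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption): real services load a random key from a secrets manager.
SECRET = b"demo-hmac-key-not-for-production"

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))  # restore stripped padding

def issue_token(sub, roles, jti, ttl=900, now=None):
    """Mint an HS256 JWT: base64url(header).base64url(payload).base64url(signature)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "roles": roles, "jti": jti, "iat": now, "exp": now + ttl}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode()) for part in (header, payload)
    )
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def peek_payload(token):
    """Decode the payload WITHOUT checking the signature: anyone holding the token can read it."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token, now=None, revoked=frozenset()):
    """Return the claims if valid, else raise ValueError. Only the optional blocklist needs shared state."""
    now = int(time.time()) if now is None else now
    h, p, s = token.split(".")  # ValueError on a malformed token
    if json.loads(b64url_decode(h)).get("alg") != "HS256":  # pin the algorithm; never trust 'alg' blindly
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("jti") in revoked:  # blocklist covers revocation until natural expiry
        raise ValueError("revoked")
    return claims
```

`peek_payload` shows why secrets never belong in the payload, and the `revoked` set is the extra state a short TTL keeps small.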

mTLS

Standard TLS: the client verifies the server's certificate. mTLS: both sides present and verify certificates.

Used for service-to-service communication in microservices. A service without a valid certificate issued by the trusted CA cannot join the mesh, which keeps rogue services out.

Certificate issuance and rotation are handled by a service mesh (Istio) or a certificate authority (HashiCorp Vault, AWS Certificate Manager).

DDoS Protection

Layer 3/4: volumetric and protocol attacks (e.g. SYN flood) — mitigate upstream with a CDN or DDoS scrubbing service (Cloudflare, AWS Shield).

Layer 7: application-level attacks (HTTP flood) — mitigate with a WAF, rate limiting, CAPTCHAs, and bot detection.

Architecture: CDN (absorbs L3/L4) → WAF (filters L7) → Rate limiter → Application.

Advantages

  • JWT enables stateless authentication at scale
  • mTLS secures service-to-service communication
  • Zero Trust eliminates implied trust from network location

Disadvantages

  • JWT revocation requires custom solutions (blocklists)
  • mTLS adds certificate management overhead
  • Security adds latency and operational complexity

🧪 Test Your Understanding


Why should JWT tokens have short expiry times?