Added note about east-west service mesh authorization to Lock README (#…

…6550)
JanssenProject · Nov 10, 2023 · 2badb24 · 2badb24
1 parent 22355b6
commit 2badb24
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/docs/admin/lock/README.md b/docs/admin/lock/README.md
@@ -51,3 +51,10 @@ control course grain authorization in an API gateway, fine grain authorization
 in First Party API code, and the issuance of access token scopes.
 
 ![Jans Lock sample toplogy](../../assets/lock-design-diagram-00.png)
+
+This authorization model is also useful for East-West service mesh authorization
+because it avoids the "hairpin" inefficiency of routing all traffic through
+and API gateway (which is better for North-South web ingress). TLS is required
+to protect the bearer token. MTLS is even better.
+
+![Jans Lock sample toplogy](../../assets/lock-east-west-service-mesh-diagram.png)
diff --git a/docs/assets/lock-east-west-service-mesh-diagram.png b/docs/assets/lock-east-west-service-mesh-diagram.png