Trusted Subsystem (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)
How can a consumer be prevented from circumventing a service and directly accessing its resources?
A consumer that accesses backend resources of a service directly can compromise the integrity of the resources and can further lead to undesirable forms of implementation coupling.
The service is designed to use its own credentials for authentication and authorization with backend resources on behalf of consumers.
Depending on the nature of the underlying resources, various design options and security technologies can be applied.
If this type of service is compromised by attackers or unauthorized consumers, it can be exploited to gain access to a wide range of downstream resources.
PrinciplesService Loose Coupling
Neither a malicious or non-malicious consumer can access the database directly. Only the service itself can access the database with its own credentials.