TY - CPAPER U1 - Konferenzveröffentlichung A1 - Koschel, Arne A1 - Hausotter, Andreas A1 - Buchta, Robin A1 - Niemann, Pascal A1 - Schulze, Christin A1 - Rust, Christopher A1 - Grunewald, Alexander T1 - The Need of Security Inside a Microservices Architecture in the Insurance Industry T2 - SERVICE COMPUTATION 2022, The Fourteenth International Conference on Advanced Service Computing N2 - Even for the more traditional insurance industry, the Microservices Architecture (MSA) style plays an increasingly important role in provisioning insurance services. However, insurance businesses must operate legacy applications, enterprise software, and service-based applications in parallel for a more extended transition period. The ultimate goal of our ongoing research is to design a microservice reference architecture in cooperation with our industry partners from the insurance domain that provides an approach for the integration of applications from different architecture paradigms. In Germany, individual insurance services are classified as part of the critical infrastructure. Therefore, German insurance companies must comply with the Federal Office for Information Security requirements, which the Federal Supervisory Authority enforces. Additionally, insurance companies must comply with relevant laws, regulations, and standards as part of the business’s compliance requirements. Note: Since Germany is seen as relatively ’tough’ with respect to privacy and security demands, fullfilling those demands might well be suitable (if not even ’over-achieving’) for insurances in other countries as well. The question raises thus, of how insurance services can be secured in an application landscape shaped by the MSA style to comply with the architectural and security requirements depicted above. This article highlights the specific regulations, laws, and standards the insurance industry must comply with. We present initial architectural patterns to address authentication and authorization in an MSA tailored to the requirements of our insurance industry partners. KW - Security KW - Authorization KW - Authentication KW - Insurance Industry KW - Microservices Architecture KW - Computersicherheit KW - Autorisierung KW - Authentifikation KW - Versicherungswirtschaft KW - Mikroservice Y1 - 2022 UN - https://nbn-resolving.org/urn:nbn:de:bsz:960-opus4-25761 UR - https://www.thinkmind.org/index.php?view=article&articleid=service_computation_2022_1_20_10006 SN - 2308-3549 SS - 2308-3549 SN - 978-1-61208-947-8 SB - 978-1-61208-947-8 U6 - https://doi.org/10.25968/opus-2576 DO - https://doi.org/10.25968/opus-2576 SP - 6 EP - 12 PB - IARIA ER -