given development project, your APIs are treated as “ﬁrst-class citizens.” That everything about a project revolves around the idea that the end product will be consumed by mobile devices, and that APIs will be consumed by client applications. Source: https://swagger.io/resources/articles/adopting-an-api-ﬁrst-approach/
of giving the user permission to access a speciﬁc resource or function. In secure environments, authorization must always follow authentication. Example: After an employee successfully authenticates, the system determines what information the employees are allowed to access
of data security and is related to the proper handling of data. It is the process of check the ownership of the data! Example: After an employee successfully authenticates, the employee can only manipulate data that is yours.
account token is assigned to Istio Proxy 2. Pilot agent send Token and CSR to Istiod 3. Istiod validate k8s token 4. The istiod signs the certiﬁcate and provides it to pilot agent 5. The pilot agent calls Envoy SDS to conﬁgure it https://www.manning.com/books/istio-in-action