Will Faught

August 2023

Server-To-Server Authentication Schemes

A tour of motivations, techniques, strengths, and weaknesses.

Latacora: Modern applications tend to be composed from relationships between smaller applications. Secure modern applications thus need a way to express and enforce security policies that span multiple services. This is the “server-to-server” (S2S) authentication and authorization problem (for simplicity, I’ll mash both concepts into the term “auth” for most of this post). Designers today have a lot of options for S2S auth, but there isn’t much clarity about what the options are or why you’d select any of them.

