From a2be6a9ca96602e54e63205532590c01c9b79b69 Mon Sep 17 00:00:00 2001
From: Janel Gilani <69716982+JanelGilani@users.noreply.github.com>
Date: Thu, 14 Mar 2024 20:47:14 -0400
Subject: [PATCH 1/5] Create Intro_To_Microservices.md

---
 .../System_Design/Intro_To_Microservices.md   | 86 +++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 Topics/System_Design/Intro_To_Microservices.md

diff --git a/Topics/System_Design/Intro_To_Microservices.md b/Topics/System_Design/Intro_To_Microservices.md
new file mode 100644
index 000000000..2d018af88
--- /dev/null
+++ b/Topics/System_Design/Intro_To_Microservices.md
@@ -0,0 +1,86 @@
+# Introduction to Microservices Architecture
+
+**Authentication** is the first gateway users pass through when using any digital service to prove their identities. **Authorization** is how we ensure the *right people* are accessing the *right data*.
+A well-designed authentication and authorization service has to strike the correct balance of security and user convenience. This balance shifts depending on what service you're offering; an in-browser casual multiplayer game will have completely different needs for security and user convenience compared to governmental corporate software.
+
+## Table of Contents
+
+1. [Types of Authentication](#auth-types)
+	1. [Multi-Factor Authentication](#mfa)
+	2. [Standardized Protocols](#protocols)
+2. [Sessions and Tokens](#sessions-tokens)
+	1. [Designing Token-Based Authentication](#token-design)
+4. [Design Considerations](#auth-design)
+5. [Common Technologies](#auth-common-tech)
+6. [Further Reading](#further-reading)
+
+## Types of Authentication <a name="auth-types"></a>
+
+We all know about usernames and passwords, or **single-factor authentication**, which grants access to a system when the credentials are correct. However, in most modern systems, this is no longer the case for several reasons:
+1. Users don't keep their passwords secure
+2. Users are vulnerable to phishing schemes
+3. Users easily forget their own credentials
+4. Credentials can be easily cracked
+
+A common theme we'll see is that authentication strategies will try to work around the weakest security link in the system, which are the users themselves. While small improvements can help, like security questions or increasing requirements for password hygiene (minimum N characters, with at least M special characters), modern approaches have better ways of working around the fact that the users are usually the point of failure.
+
+### Multi-Factor Authentication (MFA) <a name="mfa"></a>
+
+Some MFA strategies require users to prove their credentials by demonstrating proof of *physical ownership* of an item. The most common among these is requiring the user to confirm their identity on a **separate device**, like a phone or a laptop; however, a really determined threat actor can bypass this by gaining remote access to the user's devices. 
+
+Instead, the best option of MFA strategies is by making the user prove their *inherent characteristics*; that is, things that are unique to them that no one else can ever take from them. **Biometrics** are a good example of this; many smartphones will use fingerprints and facial recognition, as an example.
+
+### Standardized Protocols <a name="protocols"></a>
+
+Developers don't have to write everything from scratch; using a open protocol ensures that a service can have a standardized yet secure authentication mechanism. Several protocols exist (definitions from [this article](https://www.getkisi.com/blog/authentication-protocols-overview)):
+1. **[LDAP (Lightweight Directory Access Protocol)](https://www.getkisi.com/glossary/lightweight-directory-access-protocol)** allows users to "securely locate organizations, individuals, and other resources such as files and devices in a network"
+2. **[OAuth 2](https://tools.ietf.org/html/rfc6749)** is an "authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean." 
+3. **[SAML (Security Assertion Markup Language)](https://saml.xml.org/)** is an "XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider." SAML is often used to provide Single Sign-On (SSO) to users, which allows access to different services using only one account.
+
+## Sessions and Tokens <a name="sessions-tokens"></a>
+
+Session and token-based authentication schemes allow users to avoid having to authenticate every single time they make a request over a service.
+
+**Session-based authentication** is an older method that relies on the server to manage authentication. When a user logs in, the server generates a session, assigns a session ID stored in a browser cookie, and maintains authentication during the user's session on the site. While cookies are usually deleted upon logout, most modern browsers employ session restoring, retaining session cookies even after logout. This eliminates the need for repeated logins.
+
+**Token-based authentication** creates an *encrypted token* upon user login, granting users the ability to perform activities on the site. Unlike session IDs stored on the server, the *client* retains the token, either in memory or in a cookie.
+
+For session-based authentication, the server becomes complex with system or user scale. On the other hand, token-based authentication may still involve storing API tokens in a database table for verification or revocation. Both have their tradeoffs!
+
+If you've ever heard of JSON Web Tokens (JWTs), that's a common form of token-based authentication! JWTs embed user data inside the token, allowing validation without database queries, making them suitable for serverless and stateless applications.
+
+JWTs have several advantages:
+
+1.  Compact size for quick transmission.
+2.  Enhanced security through asymmetric encryption.
+3.  Ubiquitous use due to the prevalence of JSON objects.
+4.  Transparency in verifying senders and preventing tampering.
+
+They also have drawbacks; for example, they make it harder to revoke access from the server side, leading to shorter expiration times to mitigate security risks; this can be annoying for a user.
+
+### Designing Token-Based Authentication <a name="token-design"></a>
+There's a few best practices to follow when we're building an authentication service using a token-based service:
+1.  **Use Industry Standards:** Leverage established standards for token creation, such as OAuth 2.0 and OpenID Connect. Following widely accepted standards enhances interoperability and security.
+2.  **Secure Token Storage:** Ensure secure storage of tokens on the client side. Avoid storing sensitive information in local storage or cookies susceptible to attacks. Use HTTP-only cookies for enhanced security.
+3.  **Token Revocation:** Implement mechanisms for token revocation in case of security incidents or when a user logs out. Maintain a blacklist or use token introspection to check the validity of tokens.
+4.  **Token Scoping:** Include a scope or permissions within the token to define the level of access granted to the client, and make sure to give the minimum possible amount of privileges.
+5.  **Token Encryption:** When sensitive information is embedded in tokens, consider encrypting the token content. This adds an extra layer of security, especially for tokens containing user-specific data.
+6.  **Implement Rate Limiting:** Protect against abuse by implementing rate limiting on token-related endpoints. This helps mitigate the risk of brute force attacks or other malicious activities.
+
+## Design Considerations <a name="auth-design"></a>
+
+When it comes to building an authentication service for any kind of digital service, particularly in the context of microservice architectures, the best approach is to "use an API gateway—this is a service deployed in front of the microservices application, which serves as a single endpoint for all user requests." ([Source](https://frontegg.com/blog/authentication)) A good example of this are [interceptors in Axios](https://axios-http.com/docs/interceptors). Every API call in an mobile app or web service will pass through this checkpoint; it'll do something like attach a token, ensure a token is valid, or catch unauthorized access attempts. Other services sending requests to this checkpoint won't be aware of the underlying service at this gateway; it'll just package the requests accordingly, authenticate, and forward them. 
+
+## Common Technologies <a name="auth-common-tech"></a>
+
+Why reinvent the wheel? There are lots of existing libraries, 3rd party providers and technologies that provide an excellent balance between security and ease of use. Here are some examples:
+1.  **OpenID Connect:** Built on top of OAuth 2.0, OpenID Connect provides an identity layer that enables clients to verify the identity of end-users based on the authentication performed by an authorization server. It's often used for single sign-on (SSO) scenarios.
+2. **Auth0** is a cloud-based identity and access management (IAM) platform that provides authentication and authorization services for web, mobile, and legacy applications. It allows developers to add secure and seamless authentication to their applications without having to manage the complexity of identity infrastructure. Auth0 is often used to implement features such as single sign-on (SSO), social login, multi-factor authentication (MFA), and more.
+3. **Kerberos** is a "network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well." ([Source](https://www.getkisi.com/blog/authentication-protocols-overview))
+
+## Further Reading <a name="further-reading"></a>
+[TryExponent: Authentication & Authorization](https://www.tryexponent.com/courses/fundamentals-system-design/authentication-authorization)
+
+[FrontEgg: How Does Authentication Work?](https://frontegg.com/blog/authentication#How-Does-Authentication-Work)
+
+[Tzachi Strugo: Authentication & Authorization in Microservices Architecture](https://dev.to/behalf/authentication-authorization-in-microservices-architecture-part-i-2cn0)

From a851d1f939e2f628e7069cfa0cc51b793071e20c Mon Sep 17 00:00:00 2001
From: Janel Gilani <gilani.janel@gmail.com>
Date: Thu, 14 Mar 2024 23:47:05 -0400
Subject: [PATCH 2/5] Changed package structure

---
 .../{ => Intro_To_Microservices}/Intro_To_Microservices.md        | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename Topics/System_Design/{ => Intro_To_Microservices}/Intro_To_Microservices.md (100%)

diff --git a/Topics/System_Design/Intro_To_Microservices.md b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
similarity index 100%
rename from Topics/System_Design/Intro_To_Microservices.md
rename to Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md

From 7378d60773909dbecc8e171d97084a7e4f759fc8 Mon Sep 17 00:00:00 2001
From: Janel Gilani <gilani.janel@gmail.com>
Date: Fri, 15 Mar 2024 15:32:05 -0400
Subject: [PATCH 3/5] Add first draft of content for microservices wiki page

Added initial content for the microservices wiki page, covering topics such as an overview of microservices, principles and characteristics, design considerations, tools and technologies, best practices, and real-world examples. The content is tailored for introductory-level learners, providing clear explanations and examples to enhance understanding. Further refinement and additions may be made based on feedback and review.
---
 .../Intro_To_Microservices.md                 | 193 ++++++++++++------
 1 file changed, 136 insertions(+), 57 deletions(-)

diff --git a/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
index 2d018af88..443a8f85c 100644
--- a/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
+++ b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
@@ -1,86 +1,165 @@
 # Introduction to Microservices Architecture
 
-**Authentication** is the first gateway users pass through when using any digital service to prove their identities. **Authorization** is how we ensure the *right people* are accessing the *right data*.
-A well-designed authentication and authorization service has to strike the correct balance of security and user convenience. This balance shifts depending on what service you're offering; an in-browser casual multiplayer game will have completely different needs for security and user convenience compared to governmental corporate software.
-
 ## Table of Contents
 
-1. [Types of Authentication](#auth-types)
-	1. [Multi-Factor Authentication](#mfa)
-	2. [Standardized Protocols](#protocols)
-2. [Sessions and Tokens](#sessions-tokens)
-	1. [Designing Token-Based Authentication](#token-design)
-4. [Design Considerations](#auth-design)
-5. [Common Technologies](#auth-common-tech)
-6. [Further Reading](#further-reading)
+1. [Overview of Microservices](#overview)
+2. [Advantages and Disadvantages](#adv-dis)
+4. [Principles and Characteristics](#principles)
+5. [Design Considerations](#design)
+6. [Tools and Technologies](#common-tech)
+7. [Best Practices](#best-practices)
+8. [Real-World Examples](#examples)
+
+
+
+## 1. Overview of Microservices <a name="overview"></a>
+
+In the realm of CSC301H1: Introduction to Software Engineering, understanding modern software architecture is crucial. Microservices architecture, a cornerstone of contemporary software development, is a concept that aligns seamlessly with the principles taught in this course.
+
+Microservices architecture presents a paradigm shift in how software systems are designed and developed. Unlike traditional monolithic architectures, where applications are built as a single, tightly integrated unit, microservices architecture emphasizes breaking down complex systems into smaller, independently deployable services.
+
+For CSC301 students, grasping the significance of microservices architecture entails understanding its foundational principles and how they apply to real-world software engineering practices. Microservices enable teams to work more efficiently by allowing them to focus on developing and maintaining small, autonomous services. This aligns with the agile development methods taught in CSC301, where adaptability, collaboration, and rapid iteration are paramount.
+
+In the context of CSC301, microservices architecture offers several advantages. It promotes scalability, allowing teams to scale individual services based on demand, a concept directly relevant to discussions on estimation and prioritization. Moreover, the autonomy of microservices facilitates teamwork skills, as teams can work independently on different services while ensuring seamless integration through well-defined APIs.
+
+However, adopting microservices architecture also introduces challenges, such as managing the complexity of a distributed system and ensuring effective communication between services. These challenges underscore the importance of basic modeling, design patterns, and refactoring, topics covered in CSC301.
+
+Overall, understanding microservices architecture within the context of CSC301 provides students with valuable insights into modern software engineering practices. By delving into the principles, advantages, and challenges of microservices, CSC301 students gain a solid foundation in designing scalable, resilient, and maintainable software systems—a cornerstone of professional software engineering.
+
+## 2. Advantages and Disadvantages of Microservices Architecture <a name="adv-dis"></a>
+
+Microservices architecture presents several advantages and challenges that CSC301 students should consider when evaluating its adoption for software development projects.
+
+**Advantages:**
+
+1. **Scalability**: Microservices enable horizontal scaling, allowing organizations to handle increased traffic by deploying multiple instances of individual services. This scalability is crucial for projects with varying demand, as discussed in CSC301's emphasis on agile development methods.
+
+2. **Flexibility and Agility**: Breaking down applications into smaller, independently deployable services enhances agility, enabling teams to work on each service autonomously. This aligns with the agile principle of responding to change over following a plan, as discussed in CSC301.
+
+3. **Resilience**: Microservices promote fault isolation, meaning that failures in one service do not necessarily impact the entire application. This resilience improves the overall reliability and robustness of the system, which is essential for projects with rapidly moving requirements, as taught in CSC301.
+
+4. **Technology Diversity**: Microservices allow organizations to use different technologies and programming languages for each service, providing flexibility in technology selection. This aligns with the discussion of basic software development infrastructure in CSC301, emphasizing the importance of selecting appropriate tools for specific tasks.
+
+5. **Ease of Maintenance**: With smaller, focused services, maintenance and updates become more manageable. Teams can modify, test, and deploy changes to individual services without disrupting the entire application, aligning with the agile principle of delivering working software frequently.
+
+**Disadvantages:**
+
+1. **Complexity**: Microservices introduce complexity in terms of managing distributed systems, network communication, and data consistency. This complexity can be challenging for teams with limited experience, as discussed in CSC301's focus on introductory-level software engineering concepts.
+
+2. **Operational Overhead**: Operating and monitoring a microservices-based architecture requires additional infrastructure and tooling, increasing operational overhead. CSC301 students should consider the trade-offs between agility and operational complexity when evaluating microservices architecture.
+
+3. **Integration Challenges**: Integrating and coordinating interactions between microservices can be complex, requiring careful design and implementation. CSC301 students should be aware of the challenges associated with inter-service communication and data consistency in distributed systems.
+
+4. **Testing Complexity**: Testing microservices-based applications requires testing individual services as well as their interactions, leading to increased testing complexity. CSC301 students should understand the importance of comprehensive testing strategies when working with microservices.
+
+5. **Deployment Complexity**: Deploying microservices-based applications involves managing multiple independent services and their dependencies, which can be challenging. CSC301 students should consider the deployment strategies and tools required for managing microservices in production environments.
+
+In summary, while microservices architecture offers numerous advantages, CSC301 students should carefully consider the associated challenges before adopting this architectural style for software development projects. Understanding the benefits and drawbacks of microservices architecture is essential for making informed architectural decisions in alignment with the principles taught in CSC301.
+
+## Principles and Characteristics of Microservices Architecture <a name="principles"></a>
+
+In the realm of CSC301H1: Introduction to Software Engineering, understanding the principles and characteristics of modern software architectures is essential. Microservices architecture, a central concept in contemporary software development, aligns closely with the principles taught in this course.
+
+1. **Modularity**: Microservices architecture emphasizes modularity, breaking down complex applications into smaller, self-contained services—a concept akin to the modular design principles discussed in CSC301. This modularity promotes maintainability and enables teams to work on services independently, fostering agile development practices.
+
+2. **Autonomy**: The autonomy of microservices resonates with the agile development methods taught in CSC301. Each service operates independently, allowing teams to work on services concurrently and deploy changes without impacting other parts of the system. This autonomy promotes rapid iteration and continuous deployment, core tenets of agile development.
+
+3. **Loose Coupling**: Microservices architecture promotes loose coupling between services, facilitating flexibility and enabling teams to adapt to changing requirements—an essential aspect of agile development. By interacting through well-defined APIs, services remain decoupled, ensuring that changes in one service do not ripple through the entire architecture.
+
+4. **Scalability**: The scalability of microservices architecture aligns with discussions on scalability and resource management in CSC301. Individual services can be scaled independently based on demand, optimizing resource utilization and ensuring optimal performance—a fundamental aspect of designing scalable software systems.
+
+5. **Resilience**: Microservices architecture promotes resilience by isolating failures within individual services, a concept reminiscent of fault tolerance discussions in CSC301. If one service encounters an issue, it does not propagate to other parts of the system, enhancing system stability and reliability.
+
+6. **Polyglot Persistence**: The flexibility of microservices architecture to support polyglot persistence reflects discussions on database design and management in CSC301. Each service can choose the most suitable database technology based on its requirements, optimizing data storage and retrieval strategies.
+
+7. **Continuous Delivery**: Microservices architecture facilitates continuous delivery practices, allowing teams to deliver updates rapidly and frequently—a core principle of agile development. With each service deployable independently, teams can streamline the release process and respond quickly to user feedback—a key aspect of agile project management.
+
+By understanding these principles and characteristics within the context of CSC301, students gain valuable insights into modern software engineering practices. Microservices architecture embodies the agile principles of modularity, autonomy, and continuous improvement, empowering developers to build scalable, resilient, and adaptable software systems—a cornerstone of professional software engineering.
+
+
+## Design Considerations for Microservices-Based Systems <a name="design"></a>
+
+When architecting microservices-based systems, several important design considerations must be taken into account. These considerations, tailored for beginner-level understanding, play a crucial role in ensuring the success and effectiveness of microservices architectures:
+
+1. **Service Boundaries**: Defining clear service boundaries is essential when designing microservices-based systems. Each service should have a well-defined scope and responsibility, focusing on a specific business function or feature. This clarity helps avoid overlap and ensures that services remain cohesive and independent.
+
+2. **Communication Protocols**: Choosing appropriate communication protocols between services is crucial for seamless interaction. Beginner-level learners should understand the importance of standardized APIs and protocols, such as REST or gRPC, which facilitate communication between microservices while ensuring compatibility and interoperability.
+
+3. **Data Management**: Managing data effectively within a microservices architecture requires careful consideration. Beginners should learn about strategies for data partitioning, replication, and consistency, as well as techniques for handling data dependencies between services. Concepts such as event sourcing and CQRS (Command Query Responsibility Segregation) may also be introduced at a basic level.
+
+4. **Deployment Strategies**: Understanding deployment strategies is vital for ensuring the reliability and scalability of microservices-based systems. Beginners should be familiar with concepts such as containerization (e.g., Docker) and orchestration (e.g., Kubernetes), which enable automated deployment, scaling, and management of microservices.
+
+5. **Monitoring and Observability**: Monitoring and observability are essential for maintaining the health and performance of microservices-based systems. Beginner-friendly explanations should cover basic monitoring metrics, logging strategies, and tools for tracing and debugging distributed systems. Concepts such as centralized logging and distributed tracing can be introduced gradually.
+
+6. **Fault Tolerance and Resilience**: Designing microservices for fault tolerance and resilience is critical for ensuring system reliability. Beginners should learn about techniques such as circuit breakers, retries, and graceful degradation, which help mitigate failures and prevent cascading effects within the system.
+
+7. **Security Considerations**: Security is a paramount concern in microservices architectures. Beginners should understand the importance of implementing authentication, authorization, and encryption mechanisms to protect sensitive data and prevent unauthorized access. Concepts such as API gateways and service mesh can be introduced to address security concerns at a basic level.
+
+By focusing on these design considerations and providing beginner-friendly explanations, learners can gain a solid understanding of how to architect microservices-based systems effectively. Emphasizing clarity and simplicity in explanations helps beginners grasp these complex concepts and prepares them for designing scalable, resilient, and maintainable software architectures.
+
+
+## Tools and Technologies for Microservices <a name="common-tech"></a>
+
+Introducing commonly used tools and technologies for implementing and managing microservices is crucial for learners at the introductory level. Here, we'll focus on beginner-friendly explanations of tools and technologies that are widely adopted in the industry:
+
+1. **Docker**: Docker is a popular containerization platform that allows developers to package applications and their dependencies into lightweight containers. Beginners can benefit from Docker's simplicity and portability, enabling them to build, ship, and run applications consistently across different environments.
+
+2. **Kubernetes**: Kubernetes is an open-source container orchestration platform designed to automate the deployment, scaling, and management of containerized applications. While Kubernetes may seem complex at first, beginners can start with basic concepts such as pods, deployments, and services, gradually exploring more advanced features as they gain proficiency.
+
+3. **RESTful APIs**: Representational State Transfer (REST) is a widely adopted architectural style for designing networked applications. Beginners should understand the principles of RESTful API design, including resource identification, statelessness, and uniform interface constraints. Tools like Swagger or Postman can be introduced to help learners interact with RESTful APIs effectively.
+
+4. **gRPC**: gRPC is a high-performance RPC (Remote Procedure Call) framework developed by Google. It enables efficient communication between microservices using protocol buffers and HTTP/2. Beginners can explore gRPC's benefits, such as strong typing, automatic serialization, and bi-directional streaming, while learning how to define and implement service APIs.
+
+5. **Service Mesh**: Service mesh technologies, such as Istio or Linkerd, provide a dedicated infrastructure layer for managing service-to-service communication within microservices architectures. Beginners can learn about service mesh's capabilities, including traffic management, load balancing, and security features, while understanding its role in enhancing observability and resilience.
+
+6. **Continuous Integration/Continuous Deployment (CI/CD)**: CI/CD practices automate the process of building, testing, and deploying software changes, facilitating rapid and reliable software delivery. Beginners should familiarize themselves with CI/CD concepts and tools like Jenkins, GitLab CI, or GitHub Actions, enabling them to streamline the development workflow and accelerate the release cycle.
 
-## Types of Authentication <a name="auth-types"></a>
+7. **Monitoring and Logging Tools**: Effective monitoring and logging are essential for maintaining the health and performance of microservices-based systems. Beginners can explore monitoring tools like Prometheus or Grafana for collecting and visualizing metrics, as well as logging solutions like ELK Stack (Elasticsearch, Logstash, Kibana) for aggregating and analyzing log data.
 
-We all know about usernames and passwords, or **single-factor authentication**, which grants access to a system when the credentials are correct. However, in most modern systems, this is no longer the case for several reasons:
-1. Users don't keep their passwords secure
-2. Users are vulnerable to phishing schemes
-3. Users easily forget their own credentials
-4. Credentials can be easily cracked
+By introducing these tools and technologies with beginner-friendly explanations, learners can build a solid foundation in implementing and managing microservices architectures. Emphasizing practical examples and hands-on exercises can further enhance understanding and prepare beginners for real-world software development scenarios.
 
-A common theme we'll see is that authentication strategies will try to work around the weakest security link in the system, which are the users themselves. While small improvements can help, like security questions or increasing requirements for password hygiene (minimum N characters, with at least M special characters), modern approaches have better ways of working around the fact that the users are usually the point of failure.
+## Best Practices for Microservices Development <a name="best-practices"></a>
 
-### Multi-Factor Authentication (MFA) <a name="mfa"></a>
+When it comes to designing, developing, and deploying microservices, adhering to best practices is crucial for ensuring the success and effectiveness of your architecture. Here, we'll share recommended best practices tailored to the skill level of CSC301 students:
 
-Some MFA strategies require users to prove their credentials by demonstrating proof of *physical ownership* of an item. The most common among these is requiring the user to confirm their identity on a **separate device**, like a phone or a laptop; however, a really determined threat actor can bypass this by gaining remote access to the user's devices. 
+1. **Domain-Driven Design (DDD)**: Embrace the principles of Domain-Driven Design when defining service boundaries and modeling microservices. By aligning services with specific business domains, you can ensure a cohesive and maintainable architecture.
 
-Instead, the best option of MFA strategies is by making the user prove their *inherent characteristics*; that is, things that are unique to them that no one else can ever take from them. **Biometrics** are a good example of this; many smartphones will use fingerprints and facial recognition, as an example.
+2. **Single Responsibility Principle (SRP)**: Follow the SRP when designing microservices, ensuring that each service has a single responsibility and encapsulates a specific business function or capability. This promotes modularity and reduces the risk of service sprawl.
 
-### Standardized Protocols <a name="protocols"></a>
+3. **API First Design**: Adopt an API-first approach when designing microservices, focusing on defining clear and intuitive APIs that prioritize consumer needs. Use tools like OpenAPI/Swagger to document and standardize your APIs, promoting consistency and interoperability.
 
-Developers don't have to write everything from scratch; using a open protocol ensures that a service can have a standardized yet secure authentication mechanism. Several protocols exist (definitions from [this article](https://www.getkisi.com/blog/authentication-protocols-overview)):
-1. **[LDAP (Lightweight Directory Access Protocol)](https://www.getkisi.com/glossary/lightweight-directory-access-protocol)** allows users to "securely locate organizations, individuals, and other resources such as files and devices in a network"
-2. **[OAuth 2](https://tools.ietf.org/html/rfc6749)** is an "authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean." 
-3. **[SAML (Security Assertion Markup Language)](https://saml.xml.org/)** is an "XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider." SAML is often used to provide Single Sign-On (SSO) to users, which allows access to different services using only one account.
+4. **Decentralized Data Management**: Aim for decentralized data management within microservices, avoiding shared databases and instead favoring independent data stores per service. This minimizes data coupling and enhances service autonomy, promoting scalability and resilience.
 
-## Sessions and Tokens <a name="sessions-tokens"></a>
+5. **Asynchronous Communication**: Embrace asynchronous communication patterns, such as event-driven architecture or message queues, to decouple services and improve responsiveness. This allows services to operate independently and handle workload spikes more effectively.
 
-Session and token-based authentication schemes allow users to avoid having to authenticate every single time they make a request over a service.
+6. **Fault Tolerance and Resilience**: Design microservices with fault tolerance and resilience in mind, incorporating mechanisms like circuit breakers, retries, and fallback strategies to handle failures gracefully. This enhances system reliability and minimizes downtime.
 
-**Session-based authentication** is an older method that relies on the server to manage authentication. When a user logs in, the server generates a session, assigns a session ID stored in a browser cookie, and maintains authentication during the user's session on the site. While cookies are usually deleted upon logout, most modern browsers employ session restoring, retaining session cookies even after logout. This eliminates the need for repeated logins.
+7. **Incremental Deployment**: Opt for incremental deployment strategies, such as canary releases or feature toggles, to minimize risk and validate changes before rolling them out to production. This enables continuous delivery while mitigating the impact of potential issues.
 
-**Token-based authentication** creates an *encrypted token* upon user login, granting users the ability to perform activities on the site. Unlike session IDs stored on the server, the *client* retains the token, either in memory or in a cookie.
+8. **Monitoring and Observability**: Implement robust monitoring and observability practices, leveraging tools like Prometheus, Grafana, and distributed tracing solutions to gain insights into system performance and behavior. This facilitates proactive troubleshooting and optimization.
 
-For session-based authentication, the server becomes complex with system or user scale. On the other hand, token-based authentication may still involve storing API tokens in a database table for verification or revocation. Both have their tradeoffs!
+9. **Security by Design**: Prioritize security considerations throughout the microservices development lifecycle, incorporating measures like authentication, authorization, encryption, and input validation into your design and implementation. This protects sensitive data and prevents unauthorized access.
 
-If you've ever heard of JSON Web Tokens (JWTs), that's a common form of token-based authentication! JWTs embed user data inside the token, allowing validation without database queries, making them suitable for serverless and stateless applications.
+10. **Documentation and Collaboration**: Maintain comprehensive documentation for your microservices, including API documentation, architecture diagrams, and deployment guides, to facilitate collaboration and knowledge sharing among team members. Clear and up-to-date documentation ensures consistency and reduces friction in development workflows.
 
-JWTs have several advantages:
+By following these best practices, CSC301 students can build robust, scalable, and maintainable microservices architectures that align with industry standards and principles. Emphasizing practical examples and real-world case studies can further reinforce these concepts and prepare students for successful software engineering careers.
 
-1.  Compact size for quick transmission.
-2.  Enhanced security through asymmetric encryption.
-3.  Ubiquitous use due to the prevalence of JSON objects.
-4.  Transparency in verifying senders and preventing tampering.
+## Real-World Examples of Microservices Implementations <a name="examples"></a>
 
-They also have drawbacks; for example, they make it harder to revoke access from the server side, leading to shorter expiration times to mitigate security risks; this can be annoying for a user.
+To provide introductory-level learners with a clear understanding of microservices architecture, let's explore real-world examples and case studies of successful implementations:
 
-### Designing Token-Based Authentication <a name="token-design"></a>
-There's a few best practices to follow when we're building an authentication service using a token-based service:
-1.  **Use Industry Standards:** Leverage established standards for token creation, such as OAuth 2.0 and OpenID Connect. Following widely accepted standards enhances interoperability and security.
-2.  **Secure Token Storage:** Ensure secure storage of tokens on the client side. Avoid storing sensitive information in local storage or cookies susceptible to attacks. Use HTTP-only cookies for enhanced security.
-3.  **Token Revocation:** Implement mechanisms for token revocation in case of security incidents or when a user logs out. Maintain a blacklist or use token introspection to check the validity of tokens.
-4.  **Token Scoping:** Include a scope or permissions within the token to define the level of access granted to the client, and make sure to give the minimum possible amount of privileges.
-5.  **Token Encryption:** When sensitive information is embedded in tokens, consider encrypting the token content. This adds an extra layer of security, especially for tokens containing user-specific data.
-6.  **Implement Rate Limiting:** Protect against abuse by implementing rate limiting on token-related endpoints. This helps mitigate the risk of brute force attacks or other malicious activities.
+1. **Netflix**: Netflix is a prime example of a company that has embraced microservices architecture to scale its streaming platform. By breaking down its monolithic application into small, independent services, Netflix can handle millions of users worldwide while delivering personalized content recommendations and seamless streaming experiences.
 
-## Design Considerations <a name="auth-design"></a>
+2. **Amazon**: Amazon's e-commerce platform relies heavily on microservices architecture to power its vast array of services, including product catalog, checkout, payment processing, and recommendation engines. Microservices enable Amazon to iterate quickly, experiment with new features, and handle peak shopping seasons with ease.
 
-When it comes to building an authentication service for any kind of digital service, particularly in the context of microservice architectures, the best approach is to "use an API gateway—this is a service deployed in front of the microservices application, which serves as a single endpoint for all user requests." ([Source](https://frontegg.com/blog/authentication)) A good example of this are [interceptors in Axios](https://axios-http.com/docs/interceptors). Every API call in an mobile app or web service will pass through this checkpoint; it'll do something like attach a token, ensure a token is valid, or catch unauthorized access attempts. Other services sending requests to this checkpoint won't be aware of the underlying service at this gateway; it'll just package the requests accordingly, authenticate, and forward them. 
+3. **Uber**: Uber's ride-sharing platform is built on a microservices architecture that enables real-time ride matching, GPS tracking, payment processing, and driver management. Microservices allow Uber to scale its platform globally, adapt to local regulations, and provide a consistent user experience across different regions.
 
-## Common Technologies <a name="auth-common-tech"></a>
+4. **Spotify**: Spotify leverages microservices architecture to deliver personalized music streaming experiences to millions of users worldwide. By breaking down its application into small, focused services, Spotify can continuously innovate, experiment with new features, and scale its platform to meet growing demand.
 
-Why reinvent the wheel? There are lots of existing libraries, 3rd party providers and technologies that provide an excellent balance between security and ease of use. Here are some examples:
-1.  **OpenID Connect:** Built on top of OAuth 2.0, OpenID Connect provides an identity layer that enables clients to verify the identity of end-users based on the authentication performed by an authorization server. It's often used for single sign-on (SSO) scenarios.
-2. **Auth0** is a cloud-based identity and access management (IAM) platform that provides authentication and authorization services for web, mobile, and legacy applications. It allows developers to add secure and seamless authentication to their applications without having to manage the complexity of identity infrastructure. Auth0 is often used to implement features such as single sign-on (SSO), social login, multi-factor authentication (MFA), and more.
-3. **Kerberos** is a "network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well." ([Source](https://www.getkisi.com/blog/authentication-protocols-overview))
+5. **Airbnb**: Airbnb's online marketplace for short-term rentals relies on microservices architecture to handle user authentication, property listings, booking management, and payment processing. Microservices enable Airbnb to customize its platform for different regions and accommodate diverse user needs.
 
-## Further Reading <a name="further-reading"></a>
-[TryExponent: Authentication & Authorization](https://www.tryexponent.com/courses/fundamentals-system-design/authentication-authorization)
+6. **Twitter**: Twitter's social media platform is built on a microservices architecture that enables real-time tweet streaming, user authentication, content recommendation, and analytics. Microservices allow Twitter to scale its platform dynamically, handle spikes in user activity, and deliver a seamless user experience.
 
-[FrontEgg: How Does Authentication Work?](https://frontegg.com/blog/authentication#How-Does-Authentication-Work)
+7. **PayPal**: PayPal's online payment platform utilizes microservices architecture to process transactions, detect fraud, manage user accounts, and provide customer support. Microservices enable PayPal to ensure high availability, security, and compliance while handling billions of transactions annually.
 
-[Tzachi Strugo: Authentication & Authorization in Microservices Architecture](https://dev.to/behalf/authentication-authorization-in-microservices-architecture-part-i-2cn0)
+These real-world examples illustrate the versatility and scalability of microservices architecture in powering large-scale, mission-critical applications. By studying these case studies, introductory-level learners can gain insights into how microservices are applied in practice, understand the benefits they offer, and appreciate their significance in modern software development. Additionally, analyzing the challenges faced and solutions implemented by these companies can help learners prepare for similar scenarios in their own software engineering endeavors.

From d11885f6a2c2552dcf8b07215d13fefda2da3258 Mon Sep 17 00:00:00 2001
From: Janel Gilani <gilani.janel@gmail.com>
Date: Sun, 17 Mar 2024 15:26:09 -0400
Subject: [PATCH 4/5] Refine content based on feedback and incorporate changes

Incorporated feedback to improve clarity and accessibility of the content. Made adjustments to terminology and provided layman explanations where necessary. Additionally, added a suggestion to provide further reading links for interested readers to delve deeper into specific concepts.
---
 .../Intro_To_Microservices/Intro_To_Microservices.md        | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
index 443a8f85c..c01d0427d 100644
--- a/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
+++ b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
@@ -20,7 +20,7 @@ Microservices architecture presents a paradigm shift in how software systems are
 
 For CSC301 students, grasping the significance of microservices architecture entails understanding its foundational principles and how they apply to real-world software engineering practices. Microservices enable teams to work more efficiently by allowing them to focus on developing and maintaining small, autonomous services. This aligns with the agile development methods taught in CSC301, where adaptability, collaboration, and rapid iteration are paramount.
 
-In the context of CSC301, microservices architecture offers several advantages. It promotes scalability, allowing teams to scale individual services based on demand, a concept directly relevant to discussions on estimation and prioritization. Moreover, the autonomy of microservices facilitates teamwork skills, as teams can work independently on different services while ensuring seamless integration through well-defined APIs.
+In the context of CSC301, microservices architecture offers several advantages. It promotes scalability, allowing teams to scale individual services based on demand, a concept directly relevant to discussions on estimation (which involves predicting the effort or resources required for a task) and prioritization. Moreover, the autonomy of microservices facilitates teamwork skills, as teams can work independently on different services while ensuring seamless integration through well-defined APIs.
 
 However, adopting microservices architecture also introduces challenges, such as managing the complexity of a distributed system and ensuring effective communication between services. These challenges underscore the importance of basic modeling, design patterns, and refactoring, topics covered in CSC301.
 
@@ -32,7 +32,7 @@ Microservices architecture presents several advantages and challenges that CSC30
 
 **Advantages:**
 
-1. **Scalability**: Microservices enable horizontal scaling, allowing organizations to handle increased traffic by deploying multiple instances of individual services. This scalability is crucial for projects with varying demand, as discussed in CSC301's emphasis on agile development methods.
+1. **Scalability**: Microservices enable horizontal scaling, allowing organizations to handle increased traffic by deploying multiple instances of individual services. This scalability is crucial for projects with varying demand, as discussed in CSC301's emphasis on agile development methods. In simpler terms, horizontal scaling refers to deploying multiple servers that handle similar tasks, ensuring the system can accommodate growing user loads effectively.
 
 2. **Flexibility and Agility**: Breaking down applications into smaller, independently deployable services enhances agility, enabling teams to work on each service autonomously. This aligns with the agile principle of responding to change over following a plan, as discussed in CSC301.
 
@@ -130,7 +130,7 @@ When it comes to designing, developing, and deploying microservices, adhering to
 
 4. **Decentralized Data Management**: Aim for decentralized data management within microservices, avoiding shared databases and instead favoring independent data stores per service. This minimizes data coupling and enhances service autonomy, promoting scalability and resilience.
 
-5. **Asynchronous Communication**: Embrace asynchronous communication patterns, such as event-driven architecture or message queues, to decouple services and improve responsiveness. This allows services to operate independently and handle workload spikes more effectively.
+5. **Asynchronous Communication**: Embrace asynchronous communication patterns, such as event-driven architecture or message queues, to decouple services and improve responsiveness. This allows services to operate independently and handle workload spikes more effectively. For further exploration of this concept, interested readers can refer to additional resources on event-driven architecture and message queuing systems.
 
 6. **Fault Tolerance and Resilience**: Design microservices with fault tolerance and resilience in mind, incorporating mechanisms like circuit breakers, retries, and fallback strategies to handle failures gracefully. This enhances system reliability and minimizes downtime.
 

From b0fa16e69d050937c10da4fa5d588aa897da1911 Mon Sep 17 00:00:00 2001
From: Janel Gilani <gilani.janel@gmail.com>
Date: Sun, 17 Mar 2024 15:35:14 -0400
Subject: [PATCH 5/5] Update content based on feedback and incorporate
 additional sections

Adjusted content to incorporate feedback, including the mention of Conway's Law and the suggestion for a 'further readings' section. Added the 'further readings' section to provide readers with additional resources for deeper exploration of microservices architecture and related topics.
---
 .../Intro_To_Microservices.md                   | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
index c01d0427d..6e4263087 100644
--- a/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
+++ b/Topics/System_Design/Intro_To_Microservices/Intro_To_Microservices.md
@@ -9,6 +9,7 @@
 6. [Tools and Technologies](#common-tech)
 7. [Best Practices](#best-practices)
 8. [Real-World Examples](#examples)
+9. [Further Readings](#further)
 
 
 
@@ -22,7 +23,7 @@ For CSC301 students, grasping the significance of microservices architecture ent
 
 In the context of CSC301, microservices architecture offers several advantages. It promotes scalability, allowing teams to scale individual services based on demand, a concept directly relevant to discussions on estimation (which involves predicting the effort or resources required for a task) and prioritization. Moreover, the autonomy of microservices facilitates teamwork skills, as teams can work independently on different services while ensuring seamless integration through well-defined APIs.
 
-However, adopting microservices architecture also introduces challenges, such as managing the complexity of a distributed system and ensuring effective communication between services. These challenges underscore the importance of basic modeling, design patterns, and refactoring, topics covered in CSC301.
+However, adopting microservices architecture also introduces challenges, such as managing the complexity of a distributed system and ensuring effective communication between services. These challenges underscore the importance of basic modeling, design patterns, and refactoring, topics covered in CSC301. Additionally, considering Conway's Law, which suggests that the structure of an organization will be reflected in the design of its systems, becomes insightful in understanding how teams collaborate and communicate within microservices architectures.
 
 Overall, understanding microservices architecture within the context of CSC301 provides students with valuable insights into modern software engineering practices. By delving into the principles, advantages, and challenges of microservices, CSC301 students gain a solid foundation in designing scalable, resilient, and maintainable software systems—a cornerstone of professional software engineering.
 
@@ -163,3 +164,17 @@ To provide introductory-level learners with a clear understanding of microservic
 7. **PayPal**: PayPal's online payment platform utilizes microservices architecture to process transactions, detect fraud, manage user accounts, and provide customer support. Microservices enable PayPal to ensure high availability, security, and compliance while handling billions of transactions annually.
 
 These real-world examples illustrate the versatility and scalability of microservices architecture in powering large-scale, mission-critical applications. By studying these case studies, introductory-level learners can gain insights into how microservices are applied in practice, understand the benefits they offer, and appreciate their significance in modern software development. Additionally, analyzing the challenges faced and solutions implemented by these companies can help learners prepare for similar scenarios in their own software engineering endeavors.
+
+
+## Further Readings <a name="further"></a>
+
+1. Martin Fowler's Website - Microservices: A Definition of This New Architectural Term: [Link](https://martinfowler.com/articles/microservices.html)
+2. Sam Newman's Book - Building Microservices: Designing Fine-Grained Systems: [Link](https://samnewman.io/books/building_microservices/)
+3. Chris Richardson's Website - Microservices.io: [Link](https://microservices.io/)
+4. Kubernetes Documentation: [Link](https://kubernetes.io/docs/)
+5. Docker Documentation: [Link](https://docs.docker.com/)
+6. Event-Driven Architecture: An Introduction: [Link](https://www.ibm.com/cloud/learn/event-driven-architecture)
+7. Message Queuing Systems: Explained: [Link](https://www.cloudflare.com/learning/messaging/what-is-message-queuing/)
+8. Conway's Law: Exploring the Interplay between Organizations and Systems: [Link](https://www.thoughtworks.com/insights/blog/understanding-conways-law)
+
+These resources provide in-depth insights into microservices architecture, related technologies, and broader concepts such as event-driven architecture and Conway's Law. They serve as valuable references for further exploration and understanding of the topics discussed.
\ No newline at end of file