The security mechanisms must authenticate users and clients by verifying their identity claims in every invocation.
Subsequently they must make access control decisions about whether both the user and the client are authorized to execute
the microservice. Also, a security strategy critically must go beyond mere authentication and authorization mechanisms
for any particular user and attend to the problem holistically.