Applications architected as microservices are becoming more prevalent every day, but just like their monolithic ancestors, microservice applications must adhere to organization-wide constraints around compliance, security, performance, etc. Authorization — controlling which people and machines can perform which actions — is a foundational security problem that requires new solutions in a microservice world because of changes in requirements around performance, availability and even where authorization gets enforced architecturally.