I don't understand why this is considered a bigger challenge than any other relation between small services.
If two services is chatty, they should be merged. This can be on several levels, data being one level.
Authorization services should not be chatty with other services. And why would they since you ask for claims upon an authentication request. Yes, I meant authentication.
And I believe an authorization service is something that has been solved for a long time. It doesn't have other traits than any other services you must collaborate with, that migh be your mistake to look at it like so.
The authorization service will give you the claims for the user and, each service will dictate whether the claims are valid and sufficient within the service boundary.
Don't look at it ad a special kind of service, because it's really not.
If two services is chatty, they should be merged. This can be on several levels, data being one level.
Authorization services should not be chatty with other services. And why would they since you ask for claims upon an authentication request. Yes, I meant authentication.
And I believe an authorization service is something that has been solved for a long time. It doesn't have other traits than any other services you must collaborate with, that migh be your mistake to look at it like so.
The authorization service will give you the claims for the user and, each service will dictate whether the claims are valid and sufficient within the service boundary.
Don't look at it ad a special kind of service, because it's really not.