Development of an Authentication and Access Management Service Using the Waterfall Approach for Microservice-Based Faculty Application Integration (Case Study: Faculty of Industrial Engineering)
Abstract
Abstract— This study aims to develop a microservices-based authentication and access management service to address the problems of redundant user master data and unbalanced access management at the Faculty of Industrial Engineering (Fakultas Rekayasa Industri, FRI), Telkom University. The system uses a RESTful API over the HTTP protocol, divided into a public API for client applications and a private API for administration through a dashboard. Access is secured with Bearer tokens. Development followed the Waterfall method. Testing showed that all main features function well, but security testing with OWASP ZAP identified several serious vulnerabilities, such as Cloud Metadata Exposure and SQL Injection, which require further mitigation through input validation and a more secure server configuration.
Keywords— authentication, access management, microservices, data redundancy, waterfall method