I'm creating a series of RESfull services using the microservice architecture described by Martin Fowler recently in his blog (http://martinfowler.com/articles/microservices.html) But I need for all the methods to be accessed exclusively by authorized users. I'm implementing a service facade that should handle user authentication and redirect api requests to the appropriate service. How should the facade handle passing on the authentication to the underlying services? Should all the services use the Basic http authentication independently or is there a way for the facade to inherit the user it authenticates?
Thanks
