Spring Security Support for RemoteAclService to get permissions in microservices

Summary

If we have a microservice to manage the Acl permissions, we need a RemoteAclService to get permissions like RemoteTokenServices for getting token in Spring Cloud Security,Is it a good design to have a separate microservice for acl?

Comment From: jzheaux

Thanks for the idea, @mehdichitforoosh. I don't think that there would be much for Spring Security to do here since you would know what your remote queries look like. Please feel free to share if you ended up creating a remote implementation. Otherwise, I'm going to close this issue as there is no work to be done.

Is it a good design to have a separate microservice for acl?

As far as your question, some companies do it; Google Zanzibar is an example. It can be challenging to get something like that to scale especially since that often leads to this remote service needing to have copies of (or access to) domain data.