*2.2. Search Process*

To identify studies in the literature, we performed an automatic search in the main digital databases in the field of Computer Science. The digital databases used in the systematic literature review were: DBLP (https://dblp.uni-trier.de, accessed on 4 February 2022), IEEE Digital Library (http://ieeexplore.ieee.org, accessed on 4 February 2022) and Scopus (http://www.scopus.com, accessed on 4 February 2022). The search string used in digital databases was defined according to the keywords that must appear in the search results. The search string used was:

("MICROSERVICE" OR "MICROSERVICES") AND ("SECURITY" AND "AU-THENTICATION" AND "AUTHORIZATION") AND ("CHALLENGE\*" OR "PROBLEM\*" OR "ISSUE\*" OR "SOLUTION\*" OR "PROTOCOL\*" OR "MECH-ANISM\*" "STRATEG\*" OR "IMPLEMENTATION\*" OR "OPENSOURCE" OR "OPEN-SOURCE" OR "OPEN SOURCE").

We also applied the "snowballing" process which aims to prevent relevant studies from being omitted [20]. In this process, references about the research object in each selected study are verified. Thus, we searched for papers where selected studies were cited.

### *2.3. Inclusion and Exclusion Criteria*

The selection criteria for primary studies seek to identify papers that provide information about the research questions. Therefore, we defined the following inclusion and exclusion criteria, based on the research questions:
