Abstract
In multi-tenant cloud environments, traditional perimeter-based security models are increasingly inadequate for securing microservice architectures. These legacy frameworks often rely on centralized Identity and Access Management (IAM) systems, which introduce single points of failure, scalability bottlenecks, and vulnerability to insider threats. To address these challenges, this paper presents ZT-IdChain, a novel Zero-Trust IAM framework designed specifically for multi-tenant microservices utilizing distributed ledger technology (DLT). By leveraging a decentralized ledger, the proposed framework establishes a tamper-proof registry of tenant identities, access policies, and cryptographic credentials, eliminating the reliance on a single central authority. We introduce a localized, high-performance cryptographic caching mechanism embedded within sidecar proxies to mitigate the latency overhead typically associated with distributed ledger lookups. A prototype of ZT-IdChain was implemented using Hyperledger Fabric and deployed in a multi-tenant Kubernetes cluster. Empirical evaluations demonstrate that ZT-IdChain achieves microsecond-level authorization latency under high-concurrency workloads while maintaining absolute tenant isolation and resilience against token replay and unauthorized cross-tenant access. The results indicate that integrating decentralized ledgers with zero-trust principles is both technically viable and highly performant for securing modern cloud-native applications.