(Security, ECC, delegation)
My most elegant security system was in a crypto platform I wrote in 2018. The owners wanted Ethereum as the basis since it was already used in our platform. We delegated encryption key management to each customer which simplified the system quite a bit. Ethereum's ECC automatically extracts the public key from a signed (JSON) message, which we then associated back to a user id. That signed message is part of the incoming REST header. A nice feature was immutability of the message, so we could legally guarantee timestamps, reference ids, etc.
It's essentially a passwordless system. The downside is that it requires a client SDK to encrypt the signed message with a client private key. But in a commercial system, you want to avoid integrating and managing each client's security anyway.
AD1: Infrastructure with Cloud Formation
AD2: Messaging I/O
AD3: Abstract Factory
AD5: Application Layer - Aspects
AD5: Application Layer - Canonical
AD5: Application Layer - Data Mapping
AD5: Application Layer - Protocol Adapter