The invention provides methods, systems and computer programs for dual layer identity based access control implemented within systems that implement a micro-service architecture. The invention involves (i) receiving at a first resource server (a) a request for a first processor implemented service, (b) a primary access token generated by the primary identity authentication server, and (c) validation information corresponding to the primary access token that is transmitted by the primary identity authentication server, (iv) responsive confirming validity of the primary access token, transmitting to a secondary identity authentication server, a request for generation of a secondary access token, (v) receiving the secondary access token at the first resource server, and (vi) transmitting to a second resource server within the server system, a request for a second processor implemented service implemented by said second resource server.