Translate part of core-features documents (#2840)
* Translate protocols.md
* Translate security.md & service-mesh.md
* Translate more.md
diff --git a/content/en/overview/core-features/more.md b/content/en/overview/core-features/more.md
index 8093f4f..aff57e6 100644
--- a/content/en/overview/core-features/more.md
+++ b/content/en/overview/core-features/more.md
@@ -1,7 +1,70 @@
---
+description: Advanced Features Guide
+linkTitle: More Advanced Features
+title: More Advanced Features
type: docs
-title: "更多高级功能"
-linkTitle: "更多高级功能"
-weight: 100
-description: ""
+weight: 11
---
+
+As a microservice framework closely related to application development and aimed at providing enterprise-level service governance capabilities, Dubbo offers a variety of advanced features covering service call behavior control, service diagnostics and tuning, and service governance.
+
+Different language SDKs may have slight variations in feature implementation and configuration methods. For a specific list of features and usage, refer to the following documents:
+* [Java](/zh-cn/overview/mannual/java-sdk/advanced-features-and-usage/)
+* [Golang](/zh-cn/overview/mannual/golang-sdk/tutorial/)
+
+## Controlling Service Invocation Behavior
+* Service Versions
+* Service Groups
+* Group Aggregation
+* Asynchronous Invocation
+* Asynchronous Execution
+* Streaming Communication
+* Reactive Programming
+* Generic Invocation
+* Generic Implementation
+* Passing Implicit Parameters in Call Chain
+* RPC Call Context
+* Invocation Event Notifications
+* Server Callbacks to Client
+* Subscribe Only
+* Register Only
+* Runtime Dynamic IP Specification
+* Direct Provider Connection
+* Startup Checks
+* Local Invocation
+* Parameter Validation
+* Local Mocking
+* Local Stubs
+* Echo Tests
+* Invocation Information Logging
+* Delayed Exposure
+* Cluster Fault Tolerance
+* Service Degradation
+
+## Diagnostics and Tuning
+* Port Protocol Multiplexing
+* Thread Pool Isolation
+* Multiple Protocols
+* Multiple Registry Centers
+* Request Latency Sampling
+* Thread Models
+* Service Reference Configuration Object Caching
+* Route State Collection
+* Load Balancing
+* Simplified Registration Information
+* Invocation Result Caching
+* Concurrency Control
+* Connection Control
+* Delayed Connections
+* Sticky Connections
+* Graal VM Support
+* Exporting Thread Stack Trace
+* Kryo and FST Serialization
+* Custom Service Container
+* Graceful Shutdown
+* Custom Host Address Exposure
+* Consistent Hashing
+* Logging Framework Adaptation and Runtime Management
+* Kubernetes Lifecycle Probes
+
+These features are designed to provide more control and flexibility in a microservices environment. They can help improve system reliability, enhance performance, and ease the process of deploying, managing, and scaling applications.
diff --git a/content/en/overview/core-features/security.md b/content/en/overview/core-features/security.md
index a3a9160..deeb6bb 100644
--- a/content/en/overview/core-features/security.md
+++ b/content/en/overview/core-features/security.md
@@ -1,11 +1,98 @@
---
type: docs
-title: "认证鉴权"
-linkTitle: "认证鉴权"
+title: "Authentication"
+linkTitle: "Authentication"
weight: 70
-description: ""
+description: |
+ Offers TLS-based transport layer authentication and encrypted communication, as well as request-based authorization, to help build a Zero Trust distributed microservices system.
feature:
title: Zero-trust Security
description: >
It supports TLS-based transmission link authentication and encrypted communication, as well as permission verification based on request identity, helping to build a zero-trust distributed microservice system.
---
+
+Dubbo provides comprehensive mechanisms to build a secure microservices communication system, also known as a Zero Trust system. This includes:
+* Preventing man-in-the-middle attacks by offering identity authentication (Authentication) and TLS-based encrypted communication.
+* Controlling inter-service access authorization (Authorization) with mechanisms like mTLS and permission checks.
+
+This document will guide you through leveraging Dubbo's security features to build a Zero Trust system for your microservices, focusing on authentication, transparent encryption, authorization, and auditing. Since Zero Trust is a comprehensive approach, you may need another infrastructure, such as certificate management and security policy control.
+
+> **Note**: The scope of this document does not include certificate generation and distribution. We assume you already have an infrastructure in place for certificate management. Hence, we will focus on Dubbo's authentication and authorization mechanisms and processes. If you lack such infrastructure, we recommend using a service mesh architecture like Istio for certificate management and security policies.
+
+## Architecture
+
+A complete Zero Trust system comprises multiple components:
+
+* A Root Certificate Authority (CA) to manage keys and certificates.
+* A security policy management and distribution center to send real-time policies to data plane components:
+ * Authentication policies
+ * Authorization policies
+ * Secure Naming Information
+* Data plane components (Dubbo) responsible for identification, encryption, and policy enforcement.
+* A suite of tools and ecosystems to complete security audits and data link monitoring.
+
+In a service mesh deployment like Istio, the control plane typically handles security policies and certificates, interacting with infrastructure like the Kubernetes API Server to distribute configuration data to Dubbo or other data plane components.
+
+Here is a comprehensive architecture diagram for Dubbo Zero Trust:
+
+
+
+## Authentication
+
+Dubbo provides two modes of authentication:
+
+* **Channel Authentication**: Dubbo supports TLS-based HTTP/2 and TCP communication. You can enable TLS through Channel Authentication API or control plane policies for server identity authentication and data link encryption. Additionally, you can enable mTLS for client-server mutual authentication. This is a service-to-service mode of authentication.
+* **Request Authentication**: Dubbo offers APIs to attach user identity credentials (like JWT tokens) in the request context. Dubbo automatically recognizes these identity tokens for permission checks. You can also customize these tokens, like OAuth2 access tokens. This is an end-user mode of authentication, representing the identity of the user logged into the system.
+
+### Architecture
+
+In Istio mode, Dubbo's authentication mechanism automatically interfaces with the Istio control plane through xDS. Certificates and authentication policies generated by the Istio control plane are automatically sent to the Dubbo data plane, which applies them to all subsequent data communications.
+
+
+
+#### Dubbo mTLS Flow
+
+In Istio deployments, you can enable or disable Channel Authentication's mutual authentication through control plane policies. The workflow for mutual authentication is as follows:
+
+1. Istio sends authentication policies to enable mutual authentication.
+2. The Dubbo client initiates a mutual TLS handshake with the server, performing a secure naming check to validate the server's identity.
+3. A mutual mTLS link is established between the client and server for encrypted communication.
+4. The Dubbo server recognizes the client's identity and checks whether it has the permission to access the corresponding resource.
+
+### Authentication Policies
+For specific rules supported by Istio, Dubbo fully supports Istio-defined authentication policies.
+
+[Read More](https://istio.io/latest/docs/concepts/security/#authentication-policies)
+
+## Authorization
+
+Dubbo has abstracted an authorization extension mechanism but currently only supports the Istio system. Thus, its authorization capabilities are equivalent to those described in the official Istio documentation.
+
+[Read More](https://istio.io/latest/docs/concepts/security/#authorization)
+
+### Architecture
+
+Dubbo receives user-configured authorization policies from the Istio control plane through xDS. When a request reaches a Dubbo instance, the built-in authorization engine matches the request parameters and user identity against the policy. If the match is successful, access is granted; otherwise, it's denied.
+
+
+
+### Authorization Policies
+For specific rules supported by Istio, Dubbo fully supports Istio-defined authorization policies.
+
+[Read More](https://istio.io/latest/docs/concepts/security/#authorization-policies)
+
+## Dubbo Authentication API
+
+Dubbo defines an authentication API. For general use cases, developers can enable TLS/mTLS through this API. However, in an Istio control plane deployment, Dubbo automatically recognizes the certificates and authentication policies sent by Istio, so no special configuration is needed on the Dubbo side.
+
+Whether or not you use the Istio control plane, JWT tokens for Request Authentication still need to be specified programmatically in Dubbo.
+
+For language-specific API definitions, please refer to the respective SDK documentation:
+* [Java](/)
+* [Go](/)
+* [Rust](/)
+* [Node.js](/)
+
+## Sample Tasks
+
+Please visit the following [Dubbo Task Examples](/) for hands-on practice with security policies.
diff --git a/content/en/overview/core-features/service-mesh.md b/content/en/overview/core-features/service-mesh.md
index 685f2ce..21e5093 100644
--- a/content/en/overview/core-features/service-mesh.md
+++ b/content/en/overview/core-features/service-mesh.md
@@ -1,11 +1,76 @@
---
-type: docs
-title: "服务网格"
-linkTitle: "服务网格"
-weight: 80
-description: ""
+description: Service Mesh
feature:
- title: Service Mesh
- description: >
- Flexible data plane (Proxy & Proxyless) deployment support, seamless access to the Istio control plane governance system.
+ description: |
+ Flexible data plane (Proxy & Proxyless) deployment options, seamlessly integrating with the Istio control plane governance ecosystem.
+ title: Service Mesh
+linkTitle: Service Mesh
+title: Service Mesh
+type: docs
+weight: 9
+working-in-progress: true
---
+
+Dubbo Mesh is Dubbo's comprehensive microservices solution in a cloud-native context. It helps developers integrate Dubbo services with standard Kubernetes Native Service systems, enabling seamless connectivity with leading service mesh products like Istio.
+
+Below is the deployment architecture diagram for Dubbo Mesh.
+
+
+
+* Control Plane: Istio serves as the unified control plane, providing cluster-wide capabilities like Kubernetes adaptation, service discovery, certificate management, observability, and traffic management.
+* Data Plane: Dubbo application instances act as data plane components and support two deployment modes:
+ * Proxy Mode: Dubbo and Envoy are deployed in the same pod, and all traffic to and from Dubbo is intercepted and managed by Envoy.
+ * Proxyless Mode: Dubbo instances are deployed independently, communicating directly with each other and interacting directly with the control plane via the xDS protocol.
+
+For general content on service mesh architecture and why you might want to integrate with the Istio control plane, please refer to the [Istio official website](https://istio.io/). This document will focus on the Dubbo Mesh solution itself.
+
+## Dubbo Mesh
+
+### Proxy Mesh
+In Proxy mode, Dubbo is deployed alongside a sidecar like Envoy.
+
+
+
+The architecture diagram above depicts Dubbo Proxy Mesh deployment:
+* Dubbo and Envoy are deployed in the same pod, with Istio managing traffic and governance.
+* Dubbo provides programming APIs and RPC communication capabilities for business applications, while other capabilities like address discovery, load balancing, and routing are delegated to Envoy, which intercepts all incoming and outgoing traffic.
+* The control plane distributes configurations to Envoy via the xDS protocol, as indicated by the dashed lines in the diagram.
+
+In Proxy mode, using Dubbo3 communication layers like Triple, gRPC, and REST that are based on HTTP can result in better gateway penetration and performance.
+
+### Proxyless Mesh
+In Proxyless mode, there are no proxy components like Envoy. Dubbo's processes are deployed independently and communicate directly. Istio's control plane interacts with Dubbo processes for governance via the xDS protocol.
+
+
+
+In Proxyless mode, Dubbo deployment is basically the same as before, but the Dubbo3 SDKs directly implement xDS protocol parsing.
+
+#### Why Proxyless Mesh?
+
+While Proxy mode offers many advantages, such as smooth upgrades, multi-language support, and minimal business intrusion, it also introduces some challenges:
+* Sidecar communication adds extra performance overhead, especially noticeable in complex network topologies.
+* The presence of a sidecar complicates application lifecycle management.
+* Not all environments can accommodate Sidecar deployment and request interception.
+
+In Proxyless mode, Dubbo processes continue to communicate directly:
+* There is no additional Proxy-related overhead, making it more suitable for performance-sensitive applications.
+* It simplifies legacy system migration.
+* The architecture is simple and easy to manage.
+* It is suitable for almost all deployment environments.
+
+## Sample Tasks
+After acquiring sufficient theoretical knowledge, we recommend that you visit the following [examples](/en/overview/tasks/mesh) for hands-on practice.
+
+## Visualization
+We recommend using [Dubbo Admin](/zh-cn/overview/tasks/deploy) as the visualization console for your Dubbo cluster. It is compatible with all Kubernetes, Mesh, and non-Mesh architecture deployments.
+
+Additionally, you can use [Istio's official recommended visualization tools](https://istio.io/latest/docs/tasks/observability/kiali/) to manage your Dubbo Mesh cluster.
+
+## Integration with Non-Istio Control Planes
+Dubbo Mesh itself is not tied to any control plane product implementation. You can use Istio, Linkerd, Kuma, or any control plane product that supports the xDS protocol. The same applies to Sidecars.
+
+If you have already experienced the [Dubbo Mesh based on Istio](/) sample tasks and find that Istio meets your governance needs for Dubbo Mesh, then adopting Istio as your control plane is the preferred solution.
+
+If you find that Dubbo's capabilities are limited in Istio mode and need those capabilities, you may consider integrating Dubbo's control plane to replace Istio for better native Dubbo support and performance. For details, please refer to [Dubbo Mesh Sample Tasks based on Custom Dubbo Control Plane](/).
+
+> In short, this is a customized version of the control plane released by the Dubbo community based on Istio. For installation and capability differences of Dubbo's control plane, please refer to the sample task link above.
