Abstract

As enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures--based predominantly on the request-response paradigm--are facing the challenges of fragility and poor scalability. We propose an approach where each application server recycles previously received authorizations and shares them with other application servers to mask authorization server failures and network delays. This paper presents the design of our cooperative secondary authorization recycling system and its evaluation using simulation and prototype implementation. The results demonstrate that our approach improves the availability and performance of authorization infrastructures. Specifically, by sharing authorizations, the cache hit rate--an indirect metric of availability--can reach 70 percent, even when only 10 percent of authorizations are cached. Depending on the deployment scenario, the average time for authorizing an application request can be reduced by up to a factor of two compared with systems that do not employ cooperation.

Highlights

  • Architectures of modern access control solutions—[1], [2], [3], [4], [5]—are based on the request-response paradigm, illustrated in the dashed box of Fig. 1

  • The single point of failure property of the policy decision point (PDP) leads to reduced availability: the authorization server may not be reachable due to a failure of the network, of the software located in the critical path (e.g., OS), of the hardware, or even from a misconfiguration of the supporting infrastructure

  • We sought to estimate the achievable gains in terms of availability and performance, and determine how they depend on factors such as the number of cooperating secondary decision point (SDP) and the frequency of policy changes


Summary

Introduction

Architectures of modern access control solutions—[1], [2], [3], [4], [5]—are based on the request-response paradigm, illustrated in the dashed box of Fig. 1. In this paradigm, a policy enforcement point (PEP) intercepts application requests, obtains access control decisions (a.k.a. authorizations) from the policy decision point (PDP), and enforces those decisions. The single point of failure property of the PDP leads to reduced availability: the authorization server may not be reachable due to a failure (transient, intermittent, or permanent) of the network, of the software located in the critical path (e.g., OS), of the hardware, or even from a misconfiguration of the supporting infrastructure. Redundancy and other general purpose fault-tolerance techniques for distributed systems scale poorly, and become technically and economically infeasible when the number of entities in the system reaches thousands [7], [8]. (For instance, eBay has 12,000 servers and 15,000 application server instances [9].)
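The recycling and sharing of authorizations described above, sketched as an added example (not code from the paper or its prototype). It assumes exact-match lookup on (subject, object, action) tuples, a resolution order of local cache, then PDP, then peers, fail-closed on a miss, and a full cache flush on policy change; all class and method names are hypothetical.

```python
class PDPUnavailable(Exception):
    """Authorization server unreachable (network, OS, hardware, misconfiguration)."""

class PDP:
    """Policy decision point: the authoritative policy (constructed sample data)."""
    def __init__(self, policy):
        self.policy = policy  # {(subject, object, action): bool}
        self.up = True        # toggled to simulate an outage

    def decide(self, request):
        if not self.up:
            raise PDPUnavailable(request)
        return self.policy.get(request, False)  # default deny

class SDP:
    """Secondary decision point on one application server (hypothetical design)."""
    def __init__(self, pdp):
        self.pdp, self.cache, self.peers = pdp, {}, []

    def invalidate(self):
        """Assumed policy-change handling: drop every recycled decision."""
        self.cache.clear()

    def authorize(self, request):
        """Return (decision, source) for a (subject, object, action) request."""
        if request in self.cache:                # recycle own earlier authorization
            return self.cache[request], "local"
        try:
            decision, source = self.pdp.decide(request), "pdp"
        except PDPUnavailable:
            # PDP is down: ask cooperating SDPs for a decision they cached
            hits = [p.cache[request] for p in self.peers if request in p.cache]
            if not hits:
                return False, "fail-closed"      # nothing to recycle: deny
            decision, source = hits[0], "peer"
        self.cache[request] = decision           # allows and denies are both kept
        return decision, source

def demo():
    """Constructed scenario: two application servers, one PDP that then fails."""
    req = ("alice", "report.pdf", "read")
    pdp = PDP({req: True})
    a, b = SDP(pdp), SDP(pdp)
    a.peers, b.peers = [b], [a]
    out = [a.authorize(req)]                     # fetched from the PDP, cached at a
    pdp.up = False
    out += [a.authorize(req), b.authorize(req)]  # a: local hit, b: peer hit
    out.append(b.authorize(("bob", "report.pdf", "read")))  # no SDP has it
    return out
```

In this sketch a cached allow keeps being served after a revocation until `invalidate()` runs, so the flush has to reach every cooperating SDP when the policy changes.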
