Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov

02 July 2007

Abstract: As distributed applications such as Grid and enterprise systems scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges in terms of fragility and poor scalability. We propose an approach where each application server caches previously received authorizations at its secondary decision point and shares them with other application servers to mask authorization server failures and network delays. This talk presents the design of our cooperative secondary authorization recycling system and its evaluation using simulation and prototype implementation. The results demonstrate that our approach improves the availability of authorization infrastructures while preserving their performance characteristics. Specifically, by sharing authorizations, the cache hit rate—an indirect metric of availability—can reach 70%, even when only 10% of authorizations are cached. Depending on the deployment scenario, the performance in terms of the average time for authorizing an application request can be reduced by up to 30%.

Keyword(s): CSAR ; SAAM ; JAMES ; authorization recycling ; cooperation ; Engineering Security Mechanisms

Published in: Qiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," presented at the 16th Symposium on High Performance Distributed Computing (HPDC'07), June 27, 2007, Monterey, California, USA. pp.24. :