000000161 001__ 161
000000161 005__ 20130522141940.0
000000161 037__ $$aLERSSE-RefJnlPaper-2008-005
000000161 041__ $$aeng
000000161 100__ $$aQiang Wei
000000161 100__ $$aMatei Ripeanu
000000161 100__ $$aKonstantin Beznosov
000000161 245__ $$aCooperative Secondary Authorization Recycling
000000161 260__ $$c2008-07-22
000000161 300__ $$a16p
000000161 520__ $$aAs enterprise systems, Grids, and other distributed applications scale up and become increasingly complex, their authorization infrastructures—based predominantly on the request-response paradigm—are facing challenges of fragility and poor scalability. We propose an approach where each application server recycles previously received authorizations and shares them with other application servers to mask authorization server failures and network delays. This paper presents the design of our cooperative secondary authorization recycling system and its evaluation using simulation and prototype implementation. The results demonstrate that our approach improves the availability and performance of authorization infrastructures. Specifically, by sharing authorizations, the cache hit rate—an indirect metric of availability—can reach 70%, even when only 10% of authorizations are cached. Depending on the deployment scenario, the average time for authorizing an application request can be reduced by up to a factor of two compared with systems that do not employ cooperation.
000000161 6531_ $$aCSAR
000000161 6531_ $$aSAAM
000000161 6531_ $$aJAMES
000000161 6531_ $$aauthorization recycling
000000161 6531_ $$acooperation
000000161 6531_ $$aEngineering Security Mechanisms
000000161 8560_ $$fqiangw@ece.ubc.ca
000000161 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/161/files/161.pdf$$yTransfer from CDS 0.99.7
000000161 909C4 $$pQiang Wei, Matei Ripeanu, and Konstantin Beznosov, "Cooperative Secondary Authorization Recycling," IEEE Transactions on Parallel and Distributed Systems, vol. 20 n.2, February 2009, pp.275-288.
000000161 980__ $$aRefJnlPaper