OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: For Thursday: ABAC Performance


Performance analysis can be a touchy subject for vendors. No one wants to look bad or be singled out as the worst performing product. No one wants to be last in a list of products with only very slightly different performance. Therefore I am not advocating comparing the performance of different products.

 

Instead we need research into more fundamental constraints that affect all ABAC environment. We need to break down the decision cycle into its components and determine which have the biggest effect on latency. Tentatively I would propose three: attribute retrieval, data formatting (request & response) and policy evaluation. Here are some hypotheses which could be tested:

 

·        Attribute retrieval requires far more time than anything else.

·        Attribute retrieval cost depends on the number of round trips to repositories, not the number of attributes.

·        Formatting is negligible.

·        Policy evaluation depends somewhat on the total number of policies in force but does not vary a lot according the number and complexity of applicable policies.

·        For most PDPs policy parsing is only done once and has no performance impact on the decision request.

 

I have no idea if any of these are true, I simply offer them as examples of the kinds of questions that could be investigated. Answering these questions would help determine whether optimizations such as caching attribute values or optimizing policy expressions are likely to be worth the trouble.

 

Hal



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]