[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cloudauthz-comment] Related work on distributed (federated) authorization
Maarten, Very
Interesting summary for the first link: “From these results, we can conclude that federated authorization comes with a performance penalty compared to full provider-side authorization. However, depending on the relative amount of tenant attributes in the tenant policies, fed- erated authorization can achieve better performance than provider-side autho- rization with federated authentication. To illustrate a realistic case, the example policy rules from the e-health case study presented in Section 3.1 require sig- nificantly more tenant attributes than provider attributes: the tenant hosts the subject roles, treating relationships, pa tient consent and patient diseases while the provider hosts ownership relations and the application data itself.” The high end overhead is about ½ a second – for about 30 attributes per policy.
Regards, Radu Marian, MSCS, SCEA, CISSP Bank of America - Charlotte, NC
VP, Architect 2, Security Architecture and Innovation Business phone number: (704) 628-6874 an Enterprise without Ontology is like a country without a map. From: cloudauthz-comment@lists.oasis-open.org [mailto:cloudauthz-comment@lists.oasis-open.org]
On Behalf Of Maarten Decat Hi all, This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]