Hi Rushmin, Let me see if I got what you are suggesting correctly.
You are suggesting two caches, the first which stores a subscriptionInfo object agains the user identity. The other (optional) to store the enterprise subscription cache. Each user using the gateway will have his subscriptionInfo cached in the first cache (irrespective of his subscription type). If the subscription type of a particular user is enterprise subscription, the second cache will be looked up to find the enterprise subscription info. The cache key of the first cache would be the user-id, whereas the key for the second would be the enterprise-id. Regarding the cache creation and removal policies, heres what I think... The cache creation policy for the first cache will be the first login of any user. The cache creation policy for the second cache will the *first user* of a particular enterprise using an enterprise subscription to log in. When a user with an individual subscription unsubscribes himself, the respective entry from the first cache is removed (since we know the user-id). When an admin removes an enterprise from a subscription, the respective entry from the second cache is removed (since we know the enterprise-id). Thanks, NuwanD. On Fri, Jul 18, 2014 at 10:20 AM, Rushmin Fernando <rush...@wso2.com> wrote: > > As of now App Manager gateway queries the DB to check authorization > (subscription) for the requested app, for each request. > > During the code review we came up with some opinions to cache that info > properly. > > *How it works (please see the attached diagram too)* > *-------------------* > > There are two caches. > > - Security Info cache > - Subscribed enterprises cache > > > *Security Info cache* > *- - - - - - - - - - - - - - - -* > > *Key* > User identity > > *Creation Policy* > An entry is created when the user signs in to an app ( using the IDP ) > > *Usage Policy* > An entry has the authentication info and subscription info > A relevant subscription entry is created when the user requests a > resource of an app for the first time. > > When subsequent requests come for the same app, gateway will get the entry > from cache and checks the subscription info > If the subscription type is 'individual' user will be granted to get the > resource. > If the subscription type is 'enterprise', enterprises repository (cache or > DB) is be queried to checked weather the enterprise is a subscribed > enterprise. If thats the case, user is granted to the resource. > > Relevant subscription entry will be updated when the user unsubscribes > himself from an app. > > *Clearing policy* > Cache entry is deleted when the user signs out > > > *Subscribed enterprises cache* > *- - - - - - - - - - - - - - - - - - - - - * > > *Key* > App Identity > > *Creation policy* > When app manager starts ?? > > *Usage policy* > An entry has the subscribed enterprises for an app > Relevant entry will be updated when the store admin adds or removes > subscribed enterprises of an app. > > *Clearing policy* > no explicit clearing scenario ?? > > > Thoughts please > > -- > *Rushmin Fernando* > *Technical Lead* > > WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware > > email : rush...@wso2.com > mobile : +94772310855 > > > -- Nuwan Dias Associate Tech Lead - WSO2, Inc. http://wso2.com email : nuw...@wso2.com Phone : +94 777 775 729
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
