Hi Chamin,

You are making a valid point.

But per Application we expect the access token to be refreshed periodically
and that period would stay uniform.

The app developer can choose to update the token either before the expiry
time or after it has expired. But per application, this would remain
more or less constant, thus not altering the average I've mentioned above.

Hope I made myself clear.

Thanks,
Sachith


On Sat, Feb 27, 2016 at 3:50 PM, Chamin Dias <cham...@wso2.com> wrote:

> Hi Sachith,
>
> User can decide the validity period of the access token at the time of
> creating the token.
> Thus, after the end of the lifetime of a particular token, user *must*
> renew it. Hopefully this will affect the average time difference of the
> token renewal pattern.
>
> Hence, for the calculation, shall we consider the validity of the current
> token as well? Because statistically "average" is something which is
> affected by an outlier (in this case, if the token has expired, user
> *must* renew it, this renewal action might deviate from the usual renewal
> pattern).
>
> Thanks.
>
> On Fri, Feb 26, 2016 at 3:21 PM, Sachith Withana <sach...@wso2.com> wrote:
>
>> Hi all,
>>
>> We are working on detecting abnormal access token refreshing to detect if
>> the credentials are being misused.
>>
>> The current implementation is as follows.
>>
>> For each access token refreshing, an event would be triggered from APIM
>> to DAS.
>>
>> The average time difference between token refreshes for each consumerID
>> (per Application) would be stored as the average refresh time for the
>> consumerID.
>>
>> If an abnormal access token refresh comes, it will be detected through
>> measuring if it lies within the average refresh time range (the percentile
>> values would be provided by the user) and if it doesn't, a pre-configured
>> alert would be sent out.
>>
>> WDYT?
>>
>> Thanks,
>> Sachith
>> --
>> Sachith Withana
>> Software Engineer; WSO2 Inc.; http://wso2.com
>> E-mail: sachith AT wso2.com
>> M: +94715518127
>> Linked-In: https://lk.linkedin.com/in/sachithwithana
>>
>> _______________________________________________
>> Architecture mailing list
>> Architecture@wso2.org
>> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>>
>>
>
>
> --
> Chamin Dias
> *Software Engineer*
> Mobile : +94 (0) 716 097455
> Email : cham...@wso2.com
> Blog : https://chamindias.wordpress.com/
>


-- 
Sachith Withana
Software Engineer; WSO2 Inc.; http://wso2.com
E-mail: sachith AT wso2.com
M: +94715518127
Linked-In: https://lk.linkedin.com/in/sachithwithana
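The detection scheme discussed in this thread, sketched as an added example that is not part of the original emails and not WSO2's APIM/DAS code. It assumes the "average refresh time range" is a percentile band over the stored gaps per consumerID; the class name, the warm-up threshold and the sample events are all constructed for illustration.

```python
from collections import defaultdict
from statistics import quantiles

class RefreshMonitor:
    """Flag refreshes whose gap since the previous refresh of the same
    consumerID falls outside that consumer's historical percentile band."""

    def __init__(self, low_pct=5, high_pct=95, min_samples=5):
        self.low_pct, self.high_pct = low_pct, high_pct  # user-provided, 1..99
        self.min_samples = min_samples       # assumed warm-up before alerting
        self.last_seen = {}                  # consumer_id -> last refresh time (s)
        self.gaps = defaultdict(list)        # consumer_id -> observed gaps (s)

    def band(self, consumer_id):
        # quantiles(n=100) returns the 1st..99th percentile cut points
        cuts = quantiles(self.gaps[consumer_id], n=100, method="inclusive")
        return cuts[self.low_pct - 1], cuts[self.high_pct - 1]

    def observe(self, consumer_id, ts):
        """Record one refresh event; return an alert dict or None."""
        prev = self.last_seen.get(consumer_id)
        self.last_seen[consumer_id] = ts
        if prev is None:
            return None                      # first refresh: nothing to compare
        gap, alert = ts - prev, None
        if len(self.gaps[consumer_id]) >= self.min_samples:
            low, high = self.band(consumer_id)
            if not low <= gap <= high:
                alert = {"consumer_id": consumer_id, "gap": gap, "band": (low, high)}
        # Every gap joins the baseline, so a forced renewal after expiry (the
        # outlier raised in the thread) widens the band for later checks.
        self.gaps[consumer_id].append(gap)
        return alert

# Constructed sample events: (consumer_id, refresh timestamp in seconds)
EVENTS = [("app-A", t) for t in (0, 3600, 7190, 10800, 14405, 18000, 21600, 21720)]
EVENTS += [("app-B", t) for t in (0, 300, 600)]   # too little history to judge

def run(events):
    monitor = RefreshMonitor()
    return [a for cid, ts in sorted(events, key=lambda e: e[1])
            if (a := monitor.observe(cid, ts))]

if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```

In the sample, app-A refreshes roughly hourly and then again after 120 seconds, which is the only event flagged; app-B never accumulates enough history to be judged.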