hi NuwanD,
Yes, you and I are in sync.
But lets elaborate on enterprise cache creation policy, to get a clear idea.
the structure of a cache entry - a list of enterprise subscription objects
under the app id as the key
enterprise subscription object => {enterpriseId, isSubscribed}
This entry will be created either in the first cache miss or when the store
admin adds/removes enterprise subscriptions.
are we in sync ?
on another note, wont this cause stale data in cache due to synchronization
issues ?
e.g. *first cache miss* for an *unsubscribed enterprise* and marking that
enterprise as subscribed enterprise happens at the *same time*. won't there
be a possibility of having a cache entry saying that the particular
enterprise is *not subscribed* ?
thanks
rushmin
On Sun, Jul 20, 2014 at 9:38 PM, Nuwan Dias <[email protected]> wrote:
> Hi Rushmin,
>
> Let me see if I got what you are suggesting correctly.
>
> You are suggesting two caches, the first which stores a subscriptionInfo
> object agains the user identity. The other (optional) to store the
> enterprise subscription cache. Each user using the gateway will have his
> subscriptionInfo cached in the first cache (irrespective of his
> subscription type). If the subscription type of a particular user is
> enterprise subscription, the second cache will be looked up to find the
> enterprise subscription info. The cache key of the first cache would be the
> user-id, whereas the key for the second would be the enterprise-id.
>
> Regarding the cache creation and removal policies, heres what I think...
>
> The cache creation policy for the first cache will be the first login of
> any user. The cache creation policy for the second cache will the *first
> user* of a particular enterprise using an enterprise subscription to log
> in.
>
> When a user with an individual subscription unsubscribes himself, the
> respective entry from the first cache is removed (since we know the
> user-id). When an admin removes an enterprise from a subscription, the
> respective entry from the second cache is removed (since we know the
> enterprise-id).
>
> Thanks,
> NuwanD.
>
>
> On Fri, Jul 18, 2014 at 10:20 AM, Rushmin Fernando <[email protected]>
> wrote:
>
>>
>> As of now App Manager gateway queries the DB to check authorization
>> (subscription) for the requested app, for each request.
>>
>> During the code review we came up with some opinions to cache that info
>> properly.
>>
>> *How it works (please see the attached diagram too)*
>> *-------------------*
>>
>> There are two caches.
>>
>> - Security Info cache
>> - Subscribed enterprises cache
>>
>>
>> *Security Info cache*
>> *- - - - - - - - - - - - - - - -*
>>
>> *Key*
>> User identity
>>
>> *Creation Policy*
>> An entry is created when the user signs in to an app ( using the IDP )
>>
>> *Usage Policy*
>> An entry has the authentication info and subscription info
>> A relevant subscription entry is created when the user requests a
>> resource of an app for the first time.
>>
>> When subsequent requests come for the same app, gateway will get the
>> entry from cache and checks the subscription info
>> If the subscription type is 'individual' user will be granted to get the
>> resource.
>> If the subscription type is 'enterprise', enterprises repository (cache
>> or DB) is be queried to checked weather the enterprise is a subscribed
>> enterprise. If thats the case, user is granted to the resource.
>>
>> Relevant subscription entry will be updated when the user unsubscribes
>> himself from an app.
>>
>> *Clearing policy*
>> Cache entry is deleted when the user signs out
>>
>>
>> *Subscribed enterprises cache*
>> *- - - - - - - - - - - - - - - - - - - - - *
>>
>> *Key*
>> App Identity
>>
>> *Creation policy*
>> When app manager starts ??
>>
>> *Usage policy*
>> An entry has the subscribed enterprises for an app
>> Relevant entry will be updated when the store admin adds or removes
>> subscribed enterprises of an app.
>>
>> *Clearing policy*
>> no explicit clearing scenario ??
>>
>>
>> Thoughts please
>>
>> --
>> *Rushmin Fernando*
>> *Technical Lead*
>>
>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>>
>> email : [email protected]
>> mobile : +94772310855
>>
>>
>>
>
>
> --
> Nuwan Dias
>
> Associate Tech Lead - WSO2, Inc. http://wso2.com
> email : [email protected]
> Phone : +94 777 775 729
>
--
*Rushmin Fernando*
*Technical Lead*
WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
email : [email protected]
mobile : +94772310855
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
