Hi Sachith,

The user can decide the validity period of the access token at the time of creating the token. Thus, after the end of the lifetime of a particular token, the user *must* renew it. Hopefully this will affect the average time difference of the token renewal pattern.

Hence, for the calculation, shall we consider the validity of the current token as well? Because statistically, "average" is something which is affected by an outlier (in this case, if the token has expired, the user *must* renew it; this renewal action might deviate from the usual renewal pattern).

Thanks.

On Fri, Feb 26, 2016 at 3:21 PM, Sachith Withana <[email protected]> wrote:

> Hi all,
>
> We are working on detecting abnormal access token refreshing to detect if
> the credentials are being misused.
>
> The current implementation is as follows.
>
> For each access token refreshing, an event would be triggered from APIM to
> DAS.
>
> The average time difference between token refreshing per each consumerID
> (per Application) would be stored as the average refresh time for the
> consumerID.
>
> If an abnormal access token refresh comes, it will be detected through
> measuring if it lies within the average refresh time range (the percentile
> values would be provided by the user) and if it doesn't, a pre-configured
> alert would be sent out.
>
> WDYT?
>
> Thanks,
> Sachith
> --
> Sachith Withana
> Software Engineer; WSO2 Inc.; http://wso2.com
> E-mail: sachith AT wso2.com
> M: +94715518127
> Linked-In: https://lk.linkedin.com/in/sachithwithana
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
Chamin Dias
*Software Engineer*
Mobile : +94 (0) 716 097455
Email : [email protected]
Blog : https://chamindias.wordpress.com/
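The check discussed in this thread, sketched as an added example (not WSO2 APIM or DAS code, and not from either author): a per-consumerID baseline of refresh gaps with user-supplied percentile bounds. The class, method and label names are hypothetical, and treating a refresh that arrives after the previous token's validity has elapsed as "forced" (kept out of the baseline, no alert) is one assumed reading of the validity question raised in the reply.

```python
from collections import defaultdict
from statistics import quantiles


class RefreshMonitor:
    """Per-consumerID baseline of token refresh intervals, in seconds."""

    def __init__(self, low_pct=5, high_pct=95, min_samples=5):
        # Percentile bounds are user-supplied, as in the proposal.
        self.low_pct, self.high_pct = low_pct, high_pct
        self.min_samples = min_samples
        self.last = {}                      # consumer_id -> (ts, validity)
        self.history = defaultdict(list)    # consumer_id -> voluntary gaps

    def _bounds(self, gaps):
        cuts = quantiles(gaps, n=100, method="inclusive")  # 99 cut points
        return cuts[self.low_pct - 1], cuts[self.high_pct - 1]

    def observe(self, consumer_id, ts, validity):
        """Classify one refresh event and update the baseline."""
        prev = self.last.get(consumer_id)
        self.last[consumer_id] = (ts, validity)
        if prev is None:
            return "first"
        gap = ts - prev[0]
        if gap >= prev[1]:
            # Assumption: the previous token had expired, so this renewal
            # was forced; keep it out of the baseline and do not alert.
            return "forced"
        gaps = self.history[consumer_id]
        if len(gaps) < self.min_samples:
            gaps.append(gap)
            return "learning"
        low, high = self._bounds(gaps)
        if low <= gap <= high:
            gaps.append(gap)
            return "normal"
        return "abnormal"   # outside the percentile range: raise the alert


def classify(events):
    mon = RefreshMonitor()
    return [mon.observe(*e) for e in events]


# Constructed sample events: (consumer_id, unix_ts, validity_seconds)
SAMPLE = [("app-1", t, 3600)
          for t in (0, 3000, 6050, 9000, 12020, 15000, 18010, 18070, 22070)]
```

Abnormal gaps are not added to the baseline, so a burst of misuse cannot widen the accepted range for later events.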
