Hi,

I've recently been thinking about $subject. Currently when we generate an access token we persist it in the DB for various reasons. One of those reasons is for validation of the issued token. But with self-contained signed access tokens we no longer need to look up the DB to validate the access token. Not having to look up a DB during validation is a very powerful capability which opens avenues for heavily distributed architectures, regional resiliencies and so on.

What would be the downsides of not persisting self-contained access tokens? And what mechanisms can we come up with to remediate those?

Thanks,
NuwanD.

--
*Nuwan Dias* | Director | WSO2 Inc.
(m) +94 777 775 729 | (e) [email protected]

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
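
The DB-free validation the message describes, as an added example that is not part of the original email or of any WSO2 code: a self-contained HS256-signed token is issued without being stored, and the validator needs only the signing key and a clock. The key, the function names and the claim values are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HS256 key shared by issuer and validators

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, ttl: int, now: int) -> str:
    """Build a compact signed token; nothing is persisted anywhere."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def validate(token: str, now: int):
    """Return the claims if the token is authentic and unexpired, else None.

    Uses only the key and the current time: no database or issuer round trip.
    """
    try:
        header, body, sig = token.split(".")
        # Constant-time signature check before trusting any decoded content.
        if not hmac.compare_digest(sign(header + "." + body), b64d(sig)):
            return None
        # Pin the algorithm instead of letting the token choose it.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed structure, base64 or JSON
    return claims if isinstance(exp, int) and now < exp else None

if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    token = issue("alice", ttl=300, now=t0)
    print(validate(token, now=t0 + 100))   # claims: valid and unexpired
    print(validate(token, now=t0 + 300))   # None: expired
```
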
