The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures in which security enforcement logic obtains decisions from authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and inefficient solutions. These architectures also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes to leverage publish-subscribe architectures for increasing failure resilience and efficiency by flooding delivery channels with speculatively pre-computed authorizations and recycling them on a just-in-time basis.