Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control mechanism. RAD has attractive features such as decoupling of authorization logic from application logic, simplicity, generality, flexibility, support for complex application level access control, and ease of policy administration in heterogeneous, distributed systems. However, there is a concern of performance penalty for obtaining authorization decisions from a possibly remote server on each application request. We describe our work in measuring run-time performance of a CORBA-based Application Authorization Service (CAAS), which is compliant with the OMG specification of Resource Access Decision Facility, and draw conclusions about performance considerations in implementation of RAD compliant authorization services. We identify factors, which affect overall run-time performance of the approach and suggest possible solutions.
↧
