Embodiments of the present invention relate generally to methods and systems for propagating information across systems and more particularly to using a distributed object cache to propagate and activate changes to security information across nodes of a cluster.
Access management systems enforce access to protected resources, and the enforcement action depends on several types of information (identity, policy, partner, transient, session and configuration). For example, an access management system may be implemented on a grid or cluster of servers and can control access to the various resources of those servers. When a change is made to an access artifact (e.g., a policy change or a partner addition/deletion), it is imperative that the change be activated on all the access management server instances in the cluster in real time, in order to avoid the security vulnerabilities that result from delayed activation. In addition, the security sensitivity of the access artifacts requires that the information be restricted to the servers hosting the access management applications.
Previous approaches to propagating such changes relied on synchronizing the security information through a database or other external physical repository in which the security information was stored and which was periodically polled by each instance of the access management server. Because this approach depends on the polling interval of each instance, it is slow, and the instances do not all pick up a change at the same time. A change is therefore not guaranteed to have propagated to every instance until a full polling period has elapsed. Reliance on a database or other repository to propagate the information to all of the server instances also introduces a single point of failure.
Another technique that has been used is for the physical repository itself to provide notifications of changes. This requires additional notification infrastructure, which adds complexity, while the physical repository remains a single point of failure. In addition, applying a change still requires two steps: updating the physical repository and then sending a notification. Hence, there is a need for improved methods and systems for propagating information, such as security information, across systems, such as across the nodes of a cluster.