1. Technical Field
This disclosure relates generally to application security and in particular to a method and system for automatic generation of cache directives for authorization decisions associated with security policy evaluation.
2. Background of the Related Art
Many authorization systems provide a mechanism to integrate with external systems whose results can be combined to calculate an authorization decision. In a known system, a security policy manager includes a mechanism to model application resources and actions, attach policy controlling the conditions under which those resources can be accessed, and evaluate that policy by invoking an authorization API. In such a system, however, calls to external authorization systems cause additional processing overhead, particularly with a decision engine that is remote to the calling application. The performance impact of this remote call can be reduced by the introduction of a cache that determines if, when and how authorization decisions should be cached for re-use.
Within some authorization engines, internal caches may exist that reduce the amount of time it takes to calculate an authorization decision. A problem, however, still exists when a caller is required to make a remote call to an authorization engine. As noted, the performance cost of making the remote call usually is much larger than any performance gain due to internal caching within the authorization engine itself.