Cooperative Secondary Authorization Recycling

As distributed enterprise systems scale up and become increasingly complex their authorization infrastructures are facing new challenges. Conventional request-response authorization architectures become fragile and scale poorly to massive-scale enterprises. We describe a collaborative approach to address these problems. In our approach, each application in the enterprise system caches its previous-made authorizations at its secondary decision point (SDP). An SDP can not only resolve the local request in the future but also share their authorization ability with other SDPs. Our simulation results demonstrate that cooperative authorization recycling approach improves the availability of access control architectures.