Consider a user session storage solution for permissions caching #131

teemukataja · 2019-09-26T06:30:23Z

Proposed solution

The new GA4GH RI JWT-based claims cause considerable stress and traffic on the application. In the current solution (based on the previous implementation) a request that contains a token will always have to go through the decoding and validation process. For example in a case where 10 users query the service, each of them having 10 dataset permissions, the service will have to decode 100 tokens, make 100 requests for JWKs, validate those 100 tokens. On each request.

Investigate a solution on how to cache the permissions (up to 1 hour, or based on token exp claim) to avoid the decoding-requesting-validation process for subsequent queries.

DoD (Definition of Done)

Investigate and implement a user session solution to store permissions, so that subsequent queries don't create new token validation processes and requests.

Related to #130

Testing

Unit tests.
Integration tests.
Documentation.

The text was updated successfully, but these errors were encountered:

teemukataja added enhancement New feature or request ga4gh Global Alliance for Genomic and Health labels Sep 26, 2019

blankdots added this to the Version 1.5rc0 milestone Sep 30, 2019

blankdots removed this from the Version 1.5rc0 milestone Oct 18, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Consider a user session storage solution for permissions caching #131

Consider a user session storage solution for permissions caching #131

teemukataja commented Sep 26, 2019

Consider a user session storage solution for permissions caching #131

Consider a user session storage solution for permissions caching #131

Comments

teemukataja commented Sep 26, 2019

Proposed solution

DoD (Definition of Done)

Testing