<div dir="ltr"><br><div class="gmail_extra"><div class="gmail_quote">On Mon, Aug 5, 2013 at 11:32 PM, Scott Marlow <span dir="ltr"><<a href="mailto:smarlow@redhat.com" target="_blank">smarlow@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
What does a clustered PicketLink deployment look like? Does PL rely on the platform clustering services to notify nodes of changes to tokens in the database (e.g. update/delete/add)?<br></blockquote><div><br></div><div>
The token registry is little used today and mostly useful for auditing purposes.<br><br>JPA would be used as a alternative to the in-memory (default) and file-based registries which are not suitable for clustered deployments, probably on top of a (simple) clustered database.<br>
</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
>From [3] that you mentioned at the start of this thread, it sounds like there is no clustering but instead some type of database polling to check if a token is revoked. When does the revoke check occur? Do you have any scalability issues here?<br>
<br></blockquote><div><br></div><div>The revocation registry is also only useful for auditing purposes.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Do revoked Ids get removed from the database?<br></blockquote><br>AFAIK, no.<br></div><div class="gmail_quote"><div> <br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Scott<br>
<br>
[3] <a href="https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/API_Documentation/files/javadoc/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.html" target="_blank">https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/API_Documentation/files/javadoc/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.htm</a><br>
</blockquote></div><br>-- <br>Fernando Ribeiro<br><div>Upic</div><div>+55 11 9 8111 4078</div>
</div></div>