On Mon, Aug 5, 2013 at 11:32 PM, Scott Marlow <smarlow@redhat.com> wrote:

What does a clustered PicketLink deployment look like?  Does PL rely on the platform clustering services to notify nodes of changes to tokens in the database (e.g. update/delete/add)?

The token registry is little used today and mostly useful for auditing purposes.

JPA would be used as an alternative to the in-memory (default) and file-based registries, which are not suitable for clustered deployments, probably on top of a (simple) clustered database.
 

From [3] that you mentioned at the start of this thread, it sounds like there is no clustering but instead some type of database polling to check if a token is revoked.  When does the revoke check occur?  Do you have any scalability issues here?


The revocation registry is also only useful for auditing purposes.
 
Do revoked Ids get removed from the database?

AFAIK, no.

--
Fernando Ribeiro
Upic
+55 11 9 8111 4078