[infinispan-dev] Infinispan security?
Joni Hahkala
joni.hahkala at cern.ch
Sun Sep 11 11:40:00 EDT 2011
On 07/09/2011 18:04, Manik Surtani wrote:
> On 2 Sep 2011, at 13:04, Joni Hahkala wrote:
>
>> Is there any performance numbers for infinispan? What kind of response
>> times would be required from secure version and what they are now etc?
> No had requirements as such, since I think anyone expecting to deploy a secure data grid will expect performance tradeoffs. What sort of factors do you envisage with the approaches you outlined below?
For ssl, you would have the problem of the handshake, you have two
request-response cycles before you can even start to send the actual
data. So, with anything else than intra cluster networking, you get
bitten by the network latency. You can resume old ssl sessions, which
save one request-response cycle, or you can keep the sockets open, and
only do the handshake once, but at least keeping the sockets open
doesn't scale so far. Then there is also the certificate checking, but
that shouln't be that big of an issue unless you want to go for ultimate
speed.
With everything there is the overhead of encryption and possibly the
signing, but that shouldn't be such a big slowdown.
The Seam framework seems to be more of user authentication, and would
probably be good for managing the authorization information. But for
authentication between the nodes and clients maybe keys would be better,
kind of like ssh is doing.
Cheers,
Joni
>
> --
> Manik Surtani
> manik at jboss.org
> twitter.com/maniksurtani
>
> Lead, Infinispan
> http://www.infinispan.org
>
>
>
>
> _______________________________________________
> infinispan-dev mailing list
> infinispan-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/infinispan-dev
More information about the infinispan-dev
mailing list