[wildfly-dev] PicketLink pulling in JPA (Was: Changes to the PicketLink Module)

Fernando Ribeiro fernando.ribeiro at upic.com.br
Mon Aug 5 23:36:27 EDT 2013


On Mon, Aug 5, 2013 at 11:32 PM, Scott Marlow <smarlow at redhat.com> wrote:

>
> What does a clustered PicketLink deployment look like?  Does PL rely on
> the platform clustering services to notify nodes of changes to tokens in
> the database (e.g. update/delete/add)?
>

The token registry is little used today and mostly useful for auditing
purposes.

JPA would be used as a alternative to the in-memory (default) and
file-based registries which are not suitable for clustered deployments,
probably on top of a (simple) clustered database.


>
> From [3] that you mentioned at the start of this thread, it sounds like
> there is no clustering but instead some type of database polling to check
> if a token is revoked.  When does the revoke check occur?  Do you have any
> scalability issues here?
>
>
The revocation registry is also only useful for auditing purposes.


> Do revoked Ids get removed from the database?
>

AFAIK, no.


>
> Scott
>
> [3]
> https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/API_Documentation/files/javadoc/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.htm<https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/html/API_Documentation/files/javadoc/org/picketlink/identity/federation/core/sts/registry/JPABasedRevocationRegistry.html>
>

-- 
Fernando Ribeiro
Upic
+55 11 9 8111 4078
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/wildfly-dev/attachments/20130806/0e30f245/attachment.html 


More information about the wildfly-dev mailing list