Attribute Cache Configurations

The caching of values fetched by Attribute Finders (PIPs) is an important means of increasing the performance of a PDP. Accordingly, Axiomatics default Attribute Connectors (SQL, LDAP) make use of attribute caching.

The Cache Configurations in ASM are objects specifying whether and how attributes fetched from external sources (SQL, LDAP etc.) should be cached by a PDP via Attribute Finders.

The Cache Configurations are managed as separate, first-order objects with their own life cycle in ASM. Once a Cache Configuration has been created, it is set per attribute mapping within the Attribute Connector configurations.

Changes to the Cache Configuration, including modifications or deletions of cache profiles, will be propagated to all Authorization Services with Attribute Finders that use corresponding profiles.

General configuration

Field	Description	Supported format
Name	The name of the Cache Configuration as it is referenced in the ASM system. This should generally be kept short and meaningful to the ASM administrator.	Any string
Description	Free-form description of the Cache Configuration	Any string
Time to live	How long the PDP will store the cached values. When the time expires, the cached values will be removed from the PDP's memory.	Integer data type is supported here. The value is specified in seconds.
Max cache size	The maximum number of attribute values the cache will store per attribute mapping.	Integer data type is supported here. The value is specified in items.

Note:   When a cache reaches its maximum capacity, the PDP and its Attribute Finders will still be able to store a new attribute value, but this will cause the least recently used (LRU) cached value to be evicted from the cache.

Creating a new Cache Configuration

A new Cache Configuration can be created by clicking the "Create" icon in the action bar of the Cache Configuration tab. This opens an empty edit form in the Tools pane where all the information for the new cache can be filled in.

Any number of Cache Configurations can be created in the system but there will be two configurations present by default in the system:

• "Default" An editable but not removable configuration that has a default setting to not cache attributes. Any new attribute mapping will get this setting. "Default" can be redefined to enable caching for a large number of attributes.

• "No cache" A non-editable and non-removable setting that always can be used to turn off caching for attributes.

Modifying a Cache Configuration

To modify a Cache Configuration, select it from the list by clicking on it. The edit mode will open. Make the desired changes in the Tools pane. Press "Apply" to submit the changes or "Cancel" to discard the modifications.

Deleting a Cache Configuration

Cache Configuration elements can be removed singly or in batches by checking the checkboxes next to the items to be deleted and then clicking on the Remove button.

Note that all Attribute Finders using the deleted profile will revert to using the default profile instead. In addition, the change will be immediately propagated to all Authorization Services.

Using a Cache Configuration for Attribute Connectors

To use a Cache Configuration for an attribute mapping within an Attribute Connector, open the Attribute Connectors tab in the main pane and create an Attribute Connector. Add the needed configuration. As soon as an attribute mapping has been added and saved, the Cache Configuration link for this Attribute Connector will appear in the Attribute Connectors list.

Click the Cache Configuration link. The Tools pane will open enabling the user to select the Cache Configuration and assign it to the attribute mappings in the Attribute Connector.

Field	Description	Supported format
Category	Category of the attribute used in the attribute mapping	Standard category specified in the Attribute Dictionary
ID	The Attribute ID	Attribute ID format
Name	The name of the Cache Configuration	Available Cache Configurations are given in the drop-down list