---
title: Attribute caching
description: The policy decision point (PDP) and the PingAuthorize Policy Editor support caching for attributes. The ability to cache resolved attributes can deliver significant performance gains for the PDP.
component: pingauthorize
version: 11.1
page_id: pingauthorize:pingauthorize_policy_administration_guide:paz_attr_caching
canonical_url: https://docs.pingidentity.com/pingauthorize/11.1/pingauthorize_policy_administration_guide/paz_attr_caching.html
llms_txt: https://docs.pingidentity.com/pingauthorize/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: June 29, 2026
section_ids:
  caching-strategies: Caching strategies
  caching-behavior: Caching behavior
---

# Attribute caching

The policy decision point (PDP) and the PingAuthorize Policy Editor support caching for attributes. The ability to cache resolved attributes can deliver significant performance gains for the PDP.

This section focuses on the individual cache options that you can set at the attribute level. See [Configuring Trust Framework attribute caching for development](../pingauthorize_server_administration_guide/paz_tf_attribute_cache_external.html) or [Configuring Trust Framework attribute caching for production](../pingauthorize_server_administration_guide/paz_tf_attribute_cache_embedded.html) for more information.

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
| - | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | When using AWS ElastiCache for external Redis caching, you can use static credentials or IAM authentication as the authentication method. If you choose IAM authentication, you must restart the PingAuthorize Server to fall back to static credentials.IAM authentication failures can reveal service or attribute cache errors. Learn more about how to resolve these in [Troubleshooting AWS IAM authentication issues](../troubleshooting_pingauthorize_server/paz_troubleshoot_aws_iam_auth_issues.html). |

## Caching strategies

Attribute caching can be indefinite or time-limited, with or without the scope of another attribute value:

* With time-limited caching, you set the duration for which the cache lives (**Time to Live**) before it expires.

* With **Scope** set to an attribute, the cached value remains valid as long as that attribute's value stays the same. If the scope attribute's value changes, the system invalidates the cache for the attribute you're defining.

  In the following example, as long as the `sessionId` value remains the same, the value of the attribute you're defining is cached. When the `sessionId` changes, the system invalidates the cache and uses normal resolution:

  ![Screen capture of the Caching section settings for a Trust Framework attribute](_images/paz-time-limited-caching-with-scope-attribute.png)

## Caching behavior

Attribute caching uses a one-level approach where cache entries are stored and retrieved from the single configured cache type. If the attribute does not exist in the cache, the PDP resolves the attribute automatically by using the appropriate attribute resolvers and then adds it to the cache. All subsequent attribute usages use the cached value until it expires from the cache, which results in another attribute resolution.

|   |                                                                                                                                                                                                                                                                                                                                     |
| - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The cache key for a Trust Framework attribute value includes a hash of the values required for it to resolve. If one of these values changes, the cache key automatically becomes invalid. You can think of this arrangement as an aggregation of `Scope` parameters that guard against inconsistencies between your cached values. |
