The policy decision point (PDP) and the PingAuthorize Policy Editor support caching for attributes. The ability to cache resolved attributes can deliver significant performance gains for the PDP.
Carefully consider this concept to ensure optimum configuration.
This section focuses on the individual cache options that you can set at the attribute level.
Attribute caching can be indefinite or time-limited, with or without the scope of another attribute value.
With time-limited caching, you set the duration for which the cache lives (Time to Live) before it expires.
With Scope set to an attribute, if the value of that attribute
changes, the system invalidates the cache for the attribute you are defining. In the
example below, as long as the
sessionId value remains the same, the
value of the attribute you are defining is cached. When the
changes, the system invalidates the cache and uses normal resolution.
If the attribute does not exist in the cache, the PDP resolves the attribute automatically by using the appropriate attribute resolvers and then adds it to the cache. All subsequent attribute usages use the cached value until it expires from the cache, which results in another attribute resolution.
The cache key for a Trust Framework attribute value includes a hash of the values required for it to resolve. If one of these values changes, the cache key automatically becomes invalid. You can think of this arrangement as an aggregation of Scope parameters that guard against inconsistencies between your cached values.