XACML Policy Performance Evaluation Using a Flexible Load Testing Framework
Proc. 17th ACM Conference on Computer and Communications Security (CCS 2010), [short paper]
Chicago, Illinois, USA
The performance and scalability of access control systems is growing more important as organisations deploy ever more complex communications and content management systems. Fine-grained access control is becoming more pervasive, so decisions are more frequent and policy sets are larger. We outline a flexible performance testing framework that accepts XACML PDP implementations (in the server component) and submits representative access control requests (from the client component) in a representative temporal ordering. The framework includes instrumentation and analysis modules to support performance experiments. We describe an initial realization of the framework and report on initial experiments comparing the performance of the SunXACML and Enterprise XACML PDPs.