Services typically deployed globally.
- Cloud deployments generally useful for this.
- Replication delay
- hardware scaling: vertical vs horizontal
- Response time: dereference vs introspection
Stateless has limitations: no silver bullet. Flips the problem on its head. Negative check vs positive check.
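An added example, not from the talk or from OpenAM: a minimal sketch of the positive check (stateful store lookup) next to the negative check (locally verified signed token plus a logout blacklist). The class names, the HMAC token format and the key are assumptions made for illustration, and reading "negative check" as a blacklist lookup is an interpretation of the note above.

```python
import base64, hashlib, hmac, json
KEY = b"constructed-demo-key"  # constructed; a real deployment loads this from a keystore

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body):
    return _b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())

class StatefulSessions:
    """Positive check: a session is valid only if the server store holds it."""
    def __init__(self):
        self.store = {}  # sid -> (user, expiry); one entry per live session

    def login(self, sid, user, ttl, now):
        self.store[sid] = (user, now + ttl)
        return sid

    def validate(self, sid, now):
        entry = self.store.get(sid)
        return entry[0] if entry and now < entry[1] else None

    def logout(self, sid):
        self.store.pop(sid, None)

class StatelessSessions:
    """Negative check: a signed token is valid unless expired or blacklisted."""
    def __init__(self):
        self.blacklist = {}  # sid -> expiry; only logged-out sessions live here

    def login(self, sid, user, ttl, now):
        body = _b64(json.dumps({"sid": sid, "sub": user, "exp": now + ttl}).encode())
        return body + "." + _sign(body)

    def _verified(self, token):
        body, _, sig = token.partition(".")
        if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
            return None  # tampered, or signed with a different key
        return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

    def validate(self, token, now):
        claims = self._verified(token)
        if claims is None or now >= claims["exp"]:
            return None
        # Entries for tokens that have expired anyway can be dropped.
        self.blacklist = {s: e for s, e in self.blacklist.items() if e > now}
        return None if claims["sid"] in self.blacklist else claims["sub"]

    def logout(self, token):
        claims = self._verified(token)  # only genuine tokens can be blacklisted
        if claims:
            self.blacklist[claims["sid"]] = claims["exp"]
```

The stateful store holds one entry per live session, while the stateless side remembers only logged-out sessions until their tokens would have expired.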
Stateless sessions
OAuth 2 Access and Refresh tokens.
OpenAM 14.5: Stateless authentication, multistep authentication.
(demonstration of stateless/stateful sessions)
How to store and share cryptographic keys?
- configured outside of the product
- OpenAM pointed to keystore
(demonstration of stateless OAuth2)
Some of the tradeoffs between stateful vs stateless architecture:
- Memory usage: higher for stateful
- Data volatility: Stateless favours more stable data.
- Quota: only possible with stateful.
- Load Balancing: eventually stateless will move completely to no load balancer requirements.
- Notifications: Stateful will provide more accurate tracking of session state.
(demonstration of Amster and configuration of stateless sessions)