  • What's the problem
    • Stateful session data cannot be replicated fast enough, especially when the authenticating clients are devices, things, microservices, etc. rather than humans.
    • This means legitimate clients that have already authenticated are denied access to resources.
  • What's the solution
    • All the data that would have been stored in a stateful session is stored in a JWT instead.
    • The JWT is signed and optionally encrypted.
    • When the JWT is presented to AM, its signature is checked.
    • All AM servers globally use the same key to check the signature.
  • Sounds good, but how does logout work?
    • Logout means that a session token should no longer work. How do all AM servers know a given session is now invalid?
    • On logout, a session is added to a blacklist
  • But that means we have state (the blacklist) that needs replicating, right?
    • Yes, but we can keep the blacklist small and lookups fast by using Bloom Filters.
    • Bloom Filters represent large sets in a very compact form and can answer the question "is this token in the blacklist?" extremely efficiently.
    • The probability of false positives (FPP) is managed by the number of hash functions and the size of the filter.
    • Sample of FPP (filter size for a given number of blacklisted sessions):

      # Blacklisted sessions   Size (1% FPP)   Size (0.1% FPP)   Size (0.01% FPP)
      10,000                   11.7kB          17.6kB            23.4kB
      100,000                  117kB           176kB             234kB
      24,000,000               27.4MB          41.1MB            54.8MB
      1,000,000,000            1.12GB          1.67GB            2.23GB

    • AM implements chained Bloom Filters
    • The blacklist only needs to hold tokens which are between logout time and expiry time, so it can be cleaned up.

  • Why aren't all architectures stateless?
    • Some things are very hard to do statelessly, e.g. session quotas, dynamic session contents, etc.
    • Stateful vs. stateless depends on the use case.
    • AM offers both models.
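The Bloom-filter blacklist sketched in the bullets above, as an added example (this is not code from the page or from AM): the standard sizing formula reproduces the figures in the FPP table when kB/MB/GB are read as 1024-based units, and a chained blacklist drops whole filters once every token they could hold has passed its expiry, which is what keeps the state bounded. The chaining by logout-time bucket, the double-hashing scheme, the parameter names and the token IDs are assumptions made for illustration; the page does not describe how AM chains its filters.

```python
import hashlib
import math


def bloom_parameters(n, p):
    """Standard Bloom-filter sizing for n items at false-positive rate p:
    bits m = -n ln(p) / (ln 2)^2, hash functions k = (m / n) ln 2."""
    m = math.ceil(-n * math.log(p) / (math.log(2) ** 2))
    k = max(1, round(m / n * math.log(2)))
    return m, k


def filter_size_bytes(n, p):
    """Size of the bit array in bytes for n blacklisted tokens at rate p."""
    m, _ = bloom_parameters(n, p)
    return m / 8


class BloomFilter:
    """Minimal Bloom filter over string token IDs (written for this example)."""

    def __init__(self, n, p):
        self.m, self.k = bloom_parameters(n, p)
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, token_id):
        # Derive the k bit positions from one SHA-256 digest by double hashing
        # (h1 + i*h2 mod m); cheaper than k independent hash functions.
        digest = hashlib.sha256(token_id.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, token_id):
        for pos in self._positions(token_id):
            self.bits[pos >> 3] |= 1 << (pos & 7)

    def might_contain(self, token_id):
        # False means definitely never added; True means added, or a false positive.
        return all(self.bits[pos >> 3] & (1 << (pos & 7))
                   for pos in self._positions(token_id))


class ChainedBlacklist:
    """One Bloom filter per logout-time bucket (assumed layout, not AM's).
    A bucket is discarded once the last token logged out in it could no
    longer be valid, so the blacklist only ever covers logout-to-expiry."""

    def __init__(self, logouts_per_bucket, fpp, bucket_seconds, max_token_lifetime):
        self.n = logouts_per_bucket
        self.fpp = fpp
        self.bucket_seconds = bucket_seconds
        self.max_token_lifetime = max_token_lifetime
        self.chain = {}  # bucket start time -> BloomFilter

    def _bucket(self, t):
        return t - (t % self.bucket_seconds)

    def revoke(self, token_id, now):
        start = self._bucket(now)
        if start not in self.chain:
            self.chain[start] = BloomFilter(self.n, self.fpp)
        self.chain[start].add(token_id)

    def expire(self, now):
        # A token logged out during [start, start + bucket_seconds) can stay valid
        # for at most max_token_lifetime after that, then the whole bucket is dead.
        for start in list(self.chain):
            if start + self.bucket_seconds + self.max_token_lifetime <= now:
                del self.chain[start]

    def is_revoked(self, token_id, now):
        self.expire(now)
        # Querying c chained filters compounds the false-positive rate to about c * fpp,
        # so size each filter for the per-bucket rate you actually want overall.
        return any(f.might_contain(token_id) for f in self.chain.values())

    def filter_count(self):
        return len(self.chain)


if __name__ == "__main__":
    # Reproduce the FPP table (constructed row set, sizes in 1024-based units).
    for n in (10_000, 100_000, 24_000_000, 1_000_000_000):
        row = [f"{filter_size_bytes(n, p) / 1024:,.1f} KiB" for p in (0.01, 0.001, 0.0001)]
        print(f"{n:>13,}  " + "  ".join(row))
    bl = ChainedBlacklist(logouts_per_bucket=10_000, fpp=0.01,
                          bucket_seconds=600, max_token_lifetime=3600)
    bl.revoke("sess-constructed-A", now=1000)  # constructed token ID
    print(bl.is_revoked("sess-constructed-A", now=1000),
          bl.is_revoked("sess-constructed-B", now=1000))
```

The design point to take from this: the blacklist is a negative check layered on top of an otherwise stateless signature check, so a false positive only ever denies a valid token early (a fail-closed error), never accepts a revoked one, and the tolerable FPP is what decides the filter size in the table.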