... | ... | @@ -88,7 +88,7 @@ We chose this method as we wanted to analyze the qualities with real traffic and |
|
|
|
|
|
We chose to use the OPA caching directly rather than rely on HTTP cache-control as Entitlements service does not support this today. This could be an optimization added to improve the caching logic and potentially improve reliability/performance in the future as the cache-control header has support for more caching options e.g. cache while revalidate and error.
|
|
|
|
|
|
Also Storage service passes the standard OSDU headers x-user-id, data-partition id etc. directly as input to the OPA request. This increases the coupling between the two however we could not find a way for OPA to automatically transform these from the API request made to it. More work can be done here to see if the OPA server can set these automatically and reduce this coupling between calling servicesand the OPA server.
|
|
|
Also Storage service passes the standard OSDU headers x-user-id, data-partition id etc. directly as input to the OPA request. This increases the coupling between the two however we could not find a way for OPA to automatically transform these from the API request made to it. More work can be done here to see if the OPA server can set these automatically and reduce this coupling between calling services and the OPA server.
|
|
|
|
|
|
### Results
|
|
|
Below we show the usage statistics of the PUT Storage API over different time periods and compare that to when it was using OPA and the new policies.
|
... | ... | |