Introducing concurrency in policy-based access control

Policy-based access control aims to decouple access control rules from the application they constrain by expressing these rules in declarative access control policies. Performance of policy-based access control is of growing importance, but concurrent and distributed policy evaluation has received little research attention and current policy evaluation engines are still single-machine and fully sequential to the best of our knowledge. We believe that concurrent policy evaluation is necessary to meet the performance and scalability requirements of next-generation internet applications and aid the maturation of policy-based access control. Therefore, this paper presents an initial exploration of concurrent policy evaluation. We illustrate the performance of current policy evaluation engines, model the performance of policy evaluation in terms of the characteristics of a policy, list opportunities for concurrency, describe the need for concurrency control and specifically show how concurrency can be used to improve throughput based on our prototype.