In remote cache mode, resource managers use
the function calls from the authorization API to communicate to the
remote authorization server.
The authorization server functions as the authorization decision-making
evaluator and maintains its own replica authorization policy database.
The
authorization server decides and returns a recommendation to the application
through the API. The server can also write an audit record that contains
the details of the authorization decision request.
The
remote cache mode requires an authorization server that runs in a
domain, as shown in Figure 1.
The authorization server can be on the same system as the application
or on another system. You also can install the authorization server
on more than one system in a domain for high availability. The authorization
API transparently performs failover when a particular authorization
server fails. Figure 1. Authorization
API: remote cache mode
