Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When object history entries are created, they are signed as explained in Chained signature for object history in Identity Manager. Many users may use Identity Manager in parallel, but a chained signature requires a strict ordering of the entries. Furthermore, as the signature of the previous entry is also signed by the next entry's signature, entries need to be signed sequentially. This introduces a bottleneck, as users access the system in parallel but the history they generate must be signed sequentially.

When history entries need to be signed, they must wait in a queue for any prior entries that have not been signed yet. When new entries are generated faster than they can be signed, this can effectively block the system. A growing queue is a telltale sign that this situation may be approaching.