Requirements

Authentication and authorization are critical services that can not afford geographic delays, especially across continents, in order to allow adequate responsiveness. Users and developers of services should not have to know which authentication service is used (i.e. a load balancing and failover solution from a centralized address (probably the coordinating node address) should be able to access any of the replicated services. Replicas should be located at multiple trusted sites (probably coordinating nodes) that are geographically distributed (incl. across continents)

Fit Criteria

• Authentication operations should be less than xxx milliseconds from any point in the network

• Replicas of authentication and authorization services are geographically replicated

• Failover across replicated services is automatic without client-side intervention