Metrics and assurance (TRiSM‑aligned)
Latency targets
- Policy evaluation: <5ms (cached), <50ms (uncached)
- Authentication: <100ms for OAuth flows
- Token exchange: <20ms for resource-scoped tokens
- Audit logging: <10ms (asynchronous)
Availability requirements
- Gateway availability: 99.9% uptime with active-active configuration
- Policy service: 99.99% availability with Redis failover
- Audit service: 99.5% with asynchronous queuing tolerance
Scalability characteristics
- Horizontal scaling: Stateless services support load balancing
- Decision caching: 95%+ cache hit rate for policy decisions
- Throughput: 10,000+ requests/second per gateway instance