Even if the second level caching is activated for Hibernate there are still some problem with performance when you have 20,000 users and all of them have many roles assigned. I was interested to know the target usecase for PicketLink?
If this is an OSS project does that mean that it does not suppose to support many users (10,000 - 50,000 users) and many organizations, communities and roles?
The target use case is to manage identity model for JBoss projects such as GateIn, PicketLink etc. We have not looked at performance improvements at the scale that you mention.
My reference to OSS is that you have access to the code to look at and do your profiling and feed us back results/suggestions. We are not touting IDM to be like a super identity management model. It is supposed to solve IDM issues. Performance improvements will be done as we get feedback (such as yours).
sorry for the late response. I cannot give you any numbers or benchmarks. PicketLink IDM is used in GateIn and EPP as core framework to manage users and groups. We are currently doing some profiling around cache usage and actually last week I fixed a buh related to API cache - results was not stored properly properly in RelationshipManagerImp.findRelatedGroups() method. Did you play with "JBossCacheAPICacheProviderImpl" and tried tuning JBoss Cache configuration?. Regarding hibernate store implementation we are planning to do another round of profiling soon. If you did some work in this area any contribution is highly welcome. We are also slowly gathering requirements for PLIDM usage in next version of GateIn which can trigger design improvements and some needed refactorings. If you can share experience about your PicketLink IDM adoption it would also be valuable. I would be interested to hear about things like possible API or SPI improvements and weak points in framework design. If you have any code or patches to share you can contact me directly by email: boleslaw.dawidowicz (at) redhat.com