How Much Time to Allow for Clock Skew?

internetsynchronizationtime

We are writing a B2B application that uses OAuth 2.0. Before a token expires we want to refresh it since it is faster to refresh a token, than to request a new one. However, we want to build in some resilience in the system to clock skew, so we want to consider a token expired a few seconds/minutes before it would actually expire.

How many seconds/minutes is it reasonable to expect for two servers, both connected to the internet, in different locations, to differ by?

Best Answer

You need to do this based on what you actually see in your system. The two basic approaches are to do it once or to make your code adjust on the fly. The first is obviously a lot easier to do but somewhat less resilient.

Doing it once means logging the time difference for each pair of servers for a while and seeing what you get. This might take a while, since you want to see whether they're re-synchronising to NIST or similar at intervals. But even very early on you should get an idea of whether the time differences are consistent or not. Then hard-code in some reasonable value. The biggest jump is likely to be the correction one, but you may never see that actually happen so you'll be guessing "our site is quiet overnight but the skip sees to happen between 2am and 6am AEST" is likely).

The more resilient but more code version is to do the above but map your actual offset to the most recently observed values. If your timeout is a couple of hours and you see the other system has been drifting a second a month just build that in to your pre-expiry. It only gets complex when you're trying to guess the point at which the other system will jump a couple of seconds back due to a monthly clock correction.

I think the latter is overkill unless you're looking at jumps within a factor of 10 of the total expiry time. At that point you're going to want to throw away 20% of the total time, which is a 25% increase in OAuth traffic. So it might be worthwhile to write more code in an effort to reduce it. But even then, that might not be the biggest bandwidth saving you can get for your programming time.

Related Solutions

Unit-testing – How to automatically test a time check

One simple way is to pass in the time from outside the method:

doSomething(long currentTime) {
   //...stuff
   startTime = currentTime;
   //... more stuff
}

Your production code that calls the method can pass in the real value for System.currentTimeMillis(), whereas your unit test(s) can pass in a specific known value.

Of course, this isn't quite the same as your original. Another possibility that is a little more complex but should mimic the behaviour of your of your original more closely:

doSomething(ITimeGetter timeGetter) {
   //...stuff
   startTime = timeGetter.GetCurrentTime;
   //... more stuff
}

Define the interface:

interface ITimeGetter
{
   long GetCurrentTime();
}

Two implementations, one for the production code:

class RealTimeGetter implements ITimeGetter
{
  long GetCurrentTime()
  {
      return System.currentTimeMillis();
  }
}

One for the unit tests:

class TimeGetterForTests implements ITimeGetter
{
  long GetCurrentTime()
  {
     // return a known value.
  }
}

Instantiate an ITimeGetter appropriate to your scenario and pass it in to the method you want to test.

How to program effectively when it takes a long time to simply test your code

First off, any sort of interactive debugging is great. You want that in your toolkit, because if not yet, then someday you will really benefit from having it. (Details vary by language, platform, and IDE.)

requiring interaction with an external server, and unable to implement automation due to authentication, software architecture, or complexity.

I'd look into some frameworks for using mock objects. These allow you to surround the component being tested with a fake ecosystem of other components, so that your tests are more specifically-targeted and you can avoid testing everything as a whole unit as much.

In addition, the mock objects themselves can be programmed in with assertions, so you can check that the component-being-tested really did make a certain call.

Best Answer

Related Solutions

Unit-testing – How to automatically test a time check

How to program effectively when it takes a long time to simply test your code

Related Topic