You can do the sizing of your cache and CF Structure by running the TSSFAR utility. I forget the option you run it with, but it will give you both recommended settings based on how your security file is currently used with regards to number of rules, profiles, and user IDs you currently have defined.
I also forgot that you can fine tune your security file allocation as well. If you run the TSSMAINT in Dummy mode it will tell you the recommended block size and other values for your file.
Your also correct that Auth setting does affect performance. I forget about that because all places I work at have the Auth setting at OVERRIDE,ALLOVER which is recommended. If you do choose to use one of the MERGE options then the TSS address space will use more CPU.
As for the NOxxxCHK bypass attributes, the theory of taking them away causing a noticeable system performance issue is total rubbish IMO. Your Goal should be to never use these attributes. Most companies are spending tons of money trying to remove these attributes from the environment because of the Audit implications. The reality is that the CACAHE and SECCACHE options will counter any performance problems from heavily used ID’s. The shorten code path that the Bypass attribute takes is not that much of a savings if you are properly tuned running on a Modern z Processor.
I have not found a tool for estimating the SECCACHE size. I usually turn it on at 1GB with the default index values and monitor it. You can check the status of the caches at any time, and can monitor if they are being flushed a lot or if your index is filling up a lot, and you can just keep tuning it until you get it to the spot you need. It is using Virtual Memory so I would not be afraid of starting at 1GB and see what they activity on your system does with it.
Kevin