András Belokosztolszki, David M Eyers, Peter R Pietzuch, Jean Bacon and Ken Moody Role-Based Access Control for Publish/Subscribe Middleware Architectures DEBS’03, San Diego, CA, USA, June 2003
1 Access Control for Pub/Sub Security with minimal overhead to pub/sub efficiency Access control checks at –Client connection time Client Connection Policy –Event type management Type Management Policy –Advertisement time Advertisement Policy –Subscription time Subscription Policy Only local (edge) brokers need to check policy –Take advantage of the pub/sub system –Introduce Restrictions for advertisements and subscriptions Scalability –Role-based access control
2 General Architecture Edge brokers –Perform access control –No overhead at pub time –Subscribe to Policy Evolution Events Generic Restriction Predicate Black box predicate May be expensive Pub/Sub Restriction Predicate Use filters available by pub/sub system Get access control for “free” Hybrid schemes Combination of both
3 Broker Trust May not want to trust all brokers Trusted broker sub- graphs with certificate chains Verify connectivity per sub-graph Use pub/sub for revocation and policy update
4 Conclusions Scalable and efficient access control is needed for publish/subscribe systems Take advantage of the pub/sub system for restrictions Policy can be updated via the pub/sub infrastructure Brokers may not be fully trusted Future Work –Complete implementation –Tighter integration of roles and event types
5 Thank You Any Questions?