Title :
A capability-based access control architecture for multi-domain publish/subscribe systems
Author :
Pesonen, Lauri I W ; Eyers, David M. ; Bacon, Jean
Author_Institution :
Comput. Lab., Cambridge Univ.
Abstract :
Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. In this paper, we present a capability-based access control architecture that enables multiple domains to co-operate in order to build a shared, wide-scale publish/subscribe system. Our architecture employs SPKI authorisation certificates for delegating access control responsibilities to access control services within independent domains in order to balance security and scalability. The architecture supports controlling access both for new event brokers joining the broker network as well as for clients accessing the publish/subscribe API
Keywords :
Internet; authorisation; distributed processing; public key cryptography; Internet-wide distributed system; SPKI authorisation; capability-based access control architecture; communication paradigm; multidomain publish system; multidomain subscribe system; publish-subscribe systems; simple public key infrastructure; Access control; Authorization; Computer architecture; Event detection; Filtering; Internet; Large-scale systems; Matched filters; Peer to peer computing; Routing;
Conference_Titel :
Applications and the Internet, 2006. SAINT 2006. International Symposium on
Conference_Location :
Phoenix, AZ
Print_ISBN :
0-7695-2508-3
DOI :
10.1109/SAINT.2006.1
