Hi, We have an authenticated content that is presently being polled by our clients in order to get updates. We would like to move to a pubsub based model, and was looking at the feasibility of extending PSHB to support that.
Has anyone thought of this in PSHB, or have experience using any other system? My initial thoughts were to use PSHB as a pinging service, by which a subscriber will come to know when a new content is available. The content itself will be directly fetched by the subscriber from the publisher, instead of from an intermediate hub. The reason for this is, the hubs won't have authentication required for fetching the content, and the subscriber might not want to give its authentication credentials to an intermediate hub (for privacy sake). The above scheme avoids polling. But during fetch phase all the load hits the publisher rather than being distributed across the PSHB network. This opens an DDoS attack opportunity for "rogue" hubs. A compromised or rogue hub could send out false update pings, causing all downstream subscribers to issue a fetch request to the publisher. To avoid this each update ping from a hub will have to be authenticated (by signature) by the subscriber before accepting it as a valid ping. For signing we could use shared secret and a secure hash function, but this approach soon runs into some trouble with the shared secret management. Easier might be to use PGP styled signing to authenticate the source of the update as the publisher. Any inputs? Is there any other/simpler way to do this? Regards, Sachin
