On Tue, Nov 9, 2010 at 9:12 AM, Oliver Senn <[email protected]> wrote:
> There have been lots of discussions about security in/on top of/below > ZeroMQ lately. I have a question not about encrypting messages but about > restricting arbitrary people (i.e. sockets) from subscribing to a e.g. > PUB socket. > > Is this possible with ZeroMQ? Is the PUB socket even aware of who is > subscribing to its messages? Can we make this functionality available on > an API level? > > Because besides encryption, I will also need a way to define which > people have access to which data. How could one implement such an access > system with the current ZeroMQ library? This is usually called "authenticated pubsub" and there have been some threads on that. The pubsub infrastructure does not provide any hooks for authenticating subscribers. Basically, if you want to use pub-sub sockets, they are by design a radio broadcast model, where the publisher is unaware of subscribers. You can encrypt a broadcast but it's encrypted the same way for all subscribers. So the two ways of securing a pubsub architecture are: * use encryption on messages and pass the key out-of-band * do not use pub-sub sockets but instead xrep-xreq and custom routing -Pieter _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
