Perhaps you could allow anyone to subscribe, but publish encrypted data, such that only authorized clients know how to unpack it. -John
On Fri, Jan 11, 2013 at 11:22 AM, Andrzej Dworak <[email protected]>wrote: > Dear colleagues, > > I need to authorize clients requests on the server side. I already have a > system for user authentication & authorization and my question is *how to > best integrate it with ZMQ*? > > For req-rep communication pattern this is quite easy - I do it each time a > new request comes: > 1. server receives data from a client > 2. the data contains also a token that is used to verify client credentials > 3. If credentials are OK then server executes an action or sends requested > data to the client. > 4. If a client does not hold proper rights, then I send back a message > "sorry, no rights to do XYZ". > > For pub-sub it is a bit harder, as in ZeroMQ the server side does not > directly see a client request, so I cannot do something like that: > 1. server receives client request to subscribe > 2. the data contains also the token > 3. if the token is OK we let the client subscribe > 4. if the token is not OK we do not let the client subscribe > > How would you solve the above problem? > The most straightforward solution that comes to my mind is: Instead of > directly subscribing to the publishing socket we ask for its address > through req-rep channel. Along the request we pass our token. If server > verifies that it is OK, then it returns the address of the publishing > socket. The client subscribes to the publisher without any further > validation. > > Of course, this is not a safe solution but it is *good enough* in my case. > Anyway, I am asking as maybe someone could propose an easier/nicer/better > solution. > > Thanks a lot for your help, > Andrzej > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev >
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
