On Aug 8, 2013, at 15:48 , Laurent Alebarde wrote: > Concerning ZAP, I have re-read the RFC27 and > https://github.com/zeromq/rfc/blob/master/src/spec_27.c. Both the use cases > and how to use it are unclear to me. BTW, it seems from RFC26 that CurveZMQ > provides server and client authentication. So, why would we need ZAP ? There > is something I don't catch.
CurveZMQ provides authentication, ZAP provides authorisation. The naming (i.e. ZMQ Authentication Protocol) is a bit unfortunate. CurveZMQ only deals with "client managed to authenticate", it doesn't decide whether a specific client is allowed to connect to a certain socket (beyond the basic unauthenticated clients can't connect). ZAP lets you add arbitrary authorisation mechanisms to decide based upon authenticated identity. Cheers, Merijn
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
