Hi Doron,

Token-based pub-sub sounds interesting. I'm not sure how this fits
into what we're already doing with authentication. There's a
zeromq-dev thread on providing authentication credentials to the
caller per message.

-Pieter

On Sat, Jan 25, 2014 at 6:52 AM, Doron Somech <somdo...@gmail.com> wrote:
> Hi All,
>
> I created a new pattern in NetMQ which I think will also benefit ZeroMQ. The
> pattern is called TPubSub, the T is for Token; anyway, if you have a better
> name please do suggest it.
>
> The idea is to create a pubsub where the publisher decides on the subscriber's
> subscriptions; this is to achieve permission-based subscriptions.
>
> Instead of subscriptions the subscriber will send the publisher a token; the
> publisher, upon receiving the token, will decide on the subscriber's
> subscriptions.
> The token can be an x509 certificate or a blob received by authorizing with
> another service (can be a simple web service) and receiving a signed blob
> with the client identity and maybe client permissions.
>
> The publisher receiving the blob will be able to make sure it's authentic
> and to set the client permission according to the permissions.
>
> The TSub can set a token which will be sent to any TPub the TSub is
> connected to, using zmq_setsockopt with option ZMQ_TSUB_TOKEN, or send a
> message prefixed with zero.
>
> The TPub will receive any messages sent by the TSub; the first frame will be
> the identity (as in router) and then the message sent by the TSub. The TPub
> can set TSub subscriptions by first calling zmq_setsockopt with
> ZMQ_TPUB_SELECT and the peer identity and then calling zmq_setsockopt with
> ZMQ_TPUB_SUBSCRIBE or ZMQ_TPUB_UNSUBSCRIBE along with the subscription.
>
> You can take a look at the branch here:
> https://github.com/somdoron/netmq/tree/fpubsub
> Most of the magic happens at the TPub and TSub; you can also take a look at
> the unit testing to see how to use it:
> https://github.com/somdoron/netmq/blob/fpubsub/src/NetMQ.Tests/TPubSubTests.cs.
>
> I will add a pull request to NetMQ soon; I need to add some more testing and
> want to hear your thoughts.
>
> Also, together with ZMTP 3.0 hopefully coming to all zeromq libraries, we can
> really have a secure pubsub.
>
> Small example in C#:
>
> using (NetMQContext context = NetMQContext.Create())
> {
>     using (TPublisherSocket publisherSocket = context.CreateTPublisherSocket())
>     {
>         publisherSocket.Bind("tcp://127.0.0.1:5557");
>
>         using (TSubscriberSocket subscriberSocket = context.CreateTSubscriberSocket())
>         {
>             subscriberSocket.SetToken("all");
>             subscriberSocket.Connect("tcp://127.0.0.1:5557");
>
>             // first frame is the peer identity
>             byte[] identity = publisherSocket.Receive();
>
>             // next frame is the token; a token always starts with a zero byte
>             byte[] token = publisherSocket.Receive();
>
>             Debug.Assert(token[0] == 0);
>
>             string tokenString = Encoding.ASCII.GetString(token, 1, token.Length - 1);
>
>             if (tokenString == "all")
>             {
>                 publisherSocket.SelectPeer(identity);
>
>                 // The peer will be subscribed to all messages
>                 publisherSocket.SubscribePeer("");
>             }
>
>             publisherSocket.Send("Hello");
>
>             string message = subscriberSocket.ReceiveString();
>
>             Debug.Assert("Hello" == message);
>         }
>     }
> }
>
> Regards,
>
> Doron
>
>
>
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev@lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
>
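The quoted proposal has the publisher check that a signed blob is authentic before choosing the peer's subscriptions; the following is an added example of that check, not code from the NetMQ branch or from either poster. The token layout, the expiry field, the names `TokenCheck`, `Issue` and `AllowedPrefixes`, and the use of ECDSA are all assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class TokenCheck
{
    // Assumed layout: base64(payload) "." base64(signature), where
    // payload = "clientId|expiryUnixSeconds|prefix1,prefix2" (no '|' in clientId).
    public static string Issue(ECDsa signer, string clientId, DateTimeOffset expiry, string[] prefixes)
    {
        byte[] payload = Encoding.UTF8.GetBytes(
            clientId + "|" + expiry.ToUnixTimeSeconds() + "|" + string.Join(",", prefixes));
        byte[] sig = signer.SignData(payload, HashAlgorithmName.SHA256);
        return Convert.ToBase64String(payload) + "." + Convert.ToBase64String(sig);
    }

    // Publisher side: returns the prefixes the peer may be subscribed to, or an
    // empty array (deny) when the token is malformed, forged or expired.
    public static string[] AllowedPrefixes(ECDsa verifier, string token, DateTimeOffset now)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 2) return new string[0];
        byte[] payload, sig;
        try { payload = Convert.FromBase64String(parts[0]); sig = Convert.FromBase64String(parts[1]); }
        catch (FormatException) { return new string[0]; }
        // Verify the signature before parsing any field of the payload.
        if (!verifier.VerifyData(payload, sig, HashAlgorithmName.SHA256)) return new string[0];
        string[] fields = Encoding.UTF8.GetString(payload).Split('|');
        long expiry;
        if (fields.Length != 3 || !long.TryParse(fields[1], out expiry)) return new string[0];
        if (now.ToUnixTimeSeconds() >= expiry) return new string[0];
        return fields[2].Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
    }

    static void Main()
    {
        using (ECDsa authService = ECDsa.Create())   // constructed key pair for the demo
        using (ECDsa publisher = ECDsa.Create())
        {
            publisher.ImportParameters(authService.ExportParameters(false)); // public key only
            DateTimeOffset now = DateTimeOffset.UtcNow;
            string token = Issue(authService, "client-42", now.AddMinutes(5), new[] { "prices.", "news." });
            Console.WriteLine("valid:   " + string.Join(" ", AllowedPrefixes(publisher, token, now)));
            // Constructed forgery: new payload, signature reused from the valid token.
            string forged = Convert.ToBase64String(Encoding.UTF8.GetBytes("client-42|9999999999|admin."))
                            + "." + token.Split('.')[1];
            Console.WriteLine("forged:  " + AllowedPrefixes(publisher, forged, now).Length + " prefixes");
            Console.WriteLine("expired: " + AllowedPrefixes(publisher, token, now.AddMinutes(10)).Length + " prefixes");
        }
    }
}
```

In the flow from the quoted message, the publisher would call the peer-selection and subscribe operations only for the prefixes this check returns, and the token is a bearer credential, so it needs an encrypted transport to resist capture and replay.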