Am 28.01.2014 um 09:45 schrieb Doron Somech <[email protected]>: > Thanks Pieter, > > NetMQ doesn't have authentication yet, but once authentication is in place > the token is not needed (and the credentials can be retrieved per message). > What is do needed for me at least is a way for the publisher to decide if > subscriber subscription request is accepted or not, or another way to say it > the publisher is deciding on the subscriptions of each subscriber (mainly > because of permission of each subscriber). > > Maybe using XPUB with special setting which doesn't automatically add the > subscription to the trie, once the subscription message is read we can call > set socket option with SUBSCRIBE and the subscription and the XPUB will know > to attach the subscription to the last pipe message was received from (or we > can implement the select feature).
actually I think XPUB/XSUB is so useful that with a bit more generalized input message processing for many task one would get away with a single socket solution; I found I frequently need a ROUTER besides XPUB really just to submit messages to the actor behind the XPUB explicit tagging of a message as subscribe/unsubscribe/other and support for multipart would go a long way - Michael > > Today in my company we are using DEALER-ROUTER and have a copy of the trie > data structure outside netmq. > > Regards, > > Doron > > > > > > On Mon, Jan 27, 2014 at 11:08 PM, Pieter Hintjens <[email protected]> wrote: > Hi Doron., > > Token-based pub-sub sounds interesting. I'm not sure how this fits > into what we're already doing with authentication. There's a > zeromq-dev thread on providing authentication credentials to the > caller per message. > > -Pieter > > On Sat, Jan 25, 2014 at 6:52 AM, Doron Somech <[email protected]> wrote: > > Hi All, > > > > I created a new pattern in NetMQ which I think will also benefit ZeroMQ, the > > pattern called TPubSub, the T is for Token, anyway if you have a better name > > please do suggest. > > > > The idea is to create a pubsub where the publisher decide on the subscriber > > subscriptions, this is to achieve permission based subscriptions. > > > > Instead of subscriptions the subscriber will send the publisher a token, the > > publisher upon receiving the token will decide on the subscriber > > subscriptions. > > The token can be an x509 certificate or blob received by authorizing with > > another service (can be a simple web service) and receiving an signed blob > > with the client identity and maybe client permissions. > > > > The publisher receiving the blob will be able to make sure it's authentic > > and to set the client permission according to the permissions. > > > > The TSub can set a token which will be send to any TPub the TSub is > > connected to using zmq_setsockopt with option ZMQ_TSUB_TOKEN or send a > > message prefixed with zero. > > > > The TPub will receive any messages send by the TSub, the first frame will be > > the identity (as in router) and then the message send by the TSub, the TPub > > can set TSub subscriptions with first call to zmq_setsockopt with > > ZMQ_TPUB_SELECT and the peer identity and then call zmq_setsockopt with > > ZMQ_TPUB_SUBSCRIBE or ZMQ_TPUB_UNSUBSCRIBE along with the subscription. > > > > You can take a look at the branch here: > > https://github.com/somdoron/netmq/tree/fpubsub > > Most of the magic happen at the TPub and TSub you can also take a look at > > the unit testing to see how to use it: > > https://github.com/somdoron/netmq/blob/fpubsub/src/NetMQ.Tests/TPubSubTests.cs. > > > > I will add a pull request to NetMQ soon, I need to add some more testing and > > want to hear your thoughts. > > > > Also together with ZMTP 3.0 hopefully coming to all zeromq libraries we can > > really have a secure pubsub. > > > > Small example in C#: > > > > using(NetMQContext context = NetMQContext.Create()) > > { > > using (TPublisherSocket publisherSocket = > > context.CreateTPublisherSocket()) > > { > > publisherSocket.Bind("tcp://127.0.0.1:5557"); > > > > using (TSubscriberSocket subscriberSocket = > > context.CreateTSubscriberSocket()) > > { > > subscriberSocket.SetToken("all"); > > subscriberSocket.Connect("tcp://127.0.0.1:5557"); > > > > // first is the identity > > byte[] identity = publisherSocket.Receive(); > > > > // now is the token, token always start with zero > > byte[] token = publisherSocket.Receive(); > > > > Debug.Assert(token[0] == 0); > > > > string tokenString = Encoding.ASCII.GetString(token, 1, > > token.Length - 1); > > > > if (tokenString == "all") > > { > > publisherSocket.SelectPeer(identity); > > > > // The peer will be subscribed to all messages > > publisherSocket.SubscribePeer(""); > > } > > > > publisherSocket.Send("Hello"); > > > > string messsage = subscriberSocket.ReceiveString(); > > > > Debug.Assert("Hello" == messsage); > > } > > } > > } > > > > Regards, > > > > Doron > > > > > > > > _______________________________________________ > > zeromq-dev mailing list > > [email protected] > > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev > > _______________________________________________ > zeromq-dev mailing list > [email protected] > http://lists.zeromq.org/mailman/listinfo/zeromq-dev _______________________________________________ zeromq-dev mailing list [email protected] http://lists.zeromq.org/mailman/listinfo/zeromq-dev
