[zeromq-dev] Fwd: Access control
Pieter Hintjens
ph at imatix.com
Tue Jul 27 19:27:29 CEST 2010
On Tue, Jul 27, 2010 at 7:18 PM, Martin Sustrik <sustrik at 250bpm.com> wrote:
> As for real solution the only way to have authenticated pub/sub IMO is
> to encrypt messages on publisher and decrypt them on terminal
> subscriber. (All the intermediate untrusted nodes would just forward
> encrypted data.)
This is indeed a sensible design for secure multicast but IMO does not
scale for Internet use. For one thing you need to create as many
endpoints as you have access types. That works for LAN market data
cases and it's a design I'm depending on for the data plant I'm
working on. It does not scale however.
I'm going to post a design proposal for authenticated pubsub and
custom routing over request-reply, which I think answers Oliver's use
case.
-Pieter
More information about the zeromq-dev
mailing list