[zeromq-dev] Q: advice on client authentication sought
mail17 at mah.priv.at
Mon Aug 18 10:36:22 CEST 2014
I'm trying to devise a strategy for how to deal with DEALER authentication with PLAIN and CURVE auth, assuming a public network scenario (PLAIN would be applicable if the public hop is encrypted, for instance over an SSL websocket).
I have dealer clients, some of which do only getter ops; some do getter and setter ops.
I'd like to give the modify operations different credentials than the observer-only ops.
The options I currently see are:
1. different ROUTER sockets - one for inspectors, one for modifiers (which subsumes inspection), so R/O and R/W if you will.
2. a single socket, and tack on a signature frame for modifier ops, generated from message contents and a secret shared between DEALER and ROUTER
Not fully happy with either - any I overlooked?
(1) would mean going down the route of 'one socket per client credential set', and that doesn't scale well with more than my two (R/O vs R/W) credential sets.
(2) essentially means a message authentication scheme outside ZAP/zauth; however, it enables me to create an error return on credential mismatch, something I don't see yet with PLAIN and CURVE as the library stands (messages from a client with bad credentials are just dropped).
Do I read the docs correctly that:
- a CURVE auth scheme with CURVE_ALLOW_ANY is essentially an encrypted pipe without client authentication?
- a recipient (e.g. ROUTER) cannot inspect origin credentials on a per-message basis?
- a CURVE authentication without also encrypting the pipe is not possible (wacky, but might make sense if the public hop is encrypted anyway)?
thanks in advance,
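The signature-frame scheme from option (2), as an added example that is not the poster's code: plain Python with no pyzmq, modelling the DEALER/ROUTER frames as lists of bytes. The frame layout, the op names, and the per-client sequence counter (added so a captured modifier message cannot be replayed) are assumptions; the ROUTER side returns an explicit error reply on mismatch rather than dropping the message.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed for this example: which ops need the modifier (R/W) credential.
MODIFIER_OPS = {b"set", b"delete"}


def mac(secret: bytes, frames: list[bytes]) -> bytes:
    """HMAC-SHA256 over length-prefixed frames, so frame boundaries are unambiguous."""
    h = hmac.new(secret, digestmod=hashlib.sha256)
    for frame in frames:
        h.update(len(frame).to_bytes(4, "big"))
        h.update(frame)
    return h.digest()


def build_request(op: bytes, payload: bytes, seq: int, secret: bytes | None = None) -> list[bytes]:
    """DEALER side: [op, seq, payload], plus a trailing MAC frame for modifier ops.
    seq is a per-client counter so a captured modifier message cannot be replayed."""
    frames = [op, str(seq).encode(), payload]
    if op in MODIFIER_OPS:
        if secret is None:
            raise ValueError("modifier op requires the shared secret")
        frames.append(mac(secret, frames))
    return frames


def verify_request(frames: list[bytes], secret: bytes, last_seq: dict[bytes, int], identity: bytes):
    """ROUTER side. identity is the routing-id frame ROUTER prepends; last_seq tracks
    the highest accepted counter per identity. Returns (accepted, reply_frames): a
    credential mismatch yields an explicit error reply instead of a silent drop."""
    if len(frames) < 3:
        return False, [b"ERR", b"malformed"]
    op, seq_raw, payload = frames[0], frames[1], frames[2]
    if op not in MODIFIER_OPS:
        return True, [b"OK", payload]  # observer-only op: no credential required
    if len(frames) != 4:
        return False, [b"ERR", b"missing signature"]
    # Verify before interpreting anything else, with a constant-time comparison.
    if not hmac.compare_digest(mac(secret, frames[:3]), frames[3]):
        return False, [b"ERR", b"bad signature"]
    try:
        seq = int(seq_raw.decode("ascii"))
    except (UnicodeDecodeError, ValueError):
        return False, [b"ERR", b"malformed"]
    if seq <= last_seq.get(identity, -1):
        return False, [b"ERR", b"replay"]
    last_seq[identity] = seq
    return True, [b"OK", payload]
```

With CURVE on the public hop, the shared secret and counter live inside the encrypted pipe; the scheme only decides which credential a given message needs, not transport confidentiality.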