Publish/subscribe systems offer a useful pattern to communicate events among entities connected over a network, or among processes executing in a single computer. One advantage is that a publisher of information need not maintain a list of recipients for that information. Instead, the publisher simply transmits the information to the publish/subscribe system, which maintains a list of subscribers to which the information is to be transmitted. Further, the publish/subscribe system allows publishers and subscribers to easily reverse roles. That is, a publisher may publish certain information for a set of subscribers, while each of the subscribers may publish information in response. If the original publisher itself subscribes to these responses, then an effective request/response infrastructure is achieved.
A drawback of publish/subscribe systems is that they lack privacy and authentication mechanisms. Due to the lack of privacy, sensitive data that is published to members of a group may be obtained by use of packet analyzers or network sniffing devices. Further, because authentication is usably lacking in publish/subscribe systems, it is difficult to support certain types of remote management functions using this pattern. For example, without effective authentication, it would be difficult, if not impossible, to determine with certainty whether a publisher who sends a command to a subscribing system for execution on that subscribing system is indeed authorized to instruct the subscribing system to perform the function.