Publish/subscribe data processing systems have become very popular in recent years as a way of distributing data messages from publishing computers to subscribing computers. The increasing popularity of the Internet, which has connected a wide variety of computers all over the world, has helped to make such publish/subscribe systems even more popular. Using the Internet, a World Wide Web browser application (the term “application” or “process” refers to a software program, or portion thereof, running on a computer) can be used in conjunction with the publisher or subscriber in order to graphically display images. Such systems are especially useful where data supplied by a publisher is constantly changing and a large number of subscribers need to be quickly updated with the latest data. One example of where this is useful is in the distribution of stock market data.
In such systems, publisher applications of data messages do not need to know the identity or location of subscriber applications which will receive the messages. The publishers need only connect to a publish/subscribe distribution agent process, which is included in a group of such processes making up a broker network, and send messages to the distribution agent process, specifying the subject of the message to the distribution agent process. The distribution agent process then distributes the published messages to subscriber applications which have previously indicated to the broker network that they would like to receive data messages on particular subjects. Thus, the subscribers also do not need to know the identity or location of the publishers. The publishers need only to connect to a broker's distribution agent process.
In order to allow a broker network to determine which published messages should be sent to which subscribers, publishers provide a broker with the name of a distribution stream for each published message. A distribution stream (called hereinafter a “topic”) is an ordered sequence of messages having a name (e.g., “stock” for a stream of stock market quotes) to distinguish the stream from other streams. Likewise, subscribers provide the broker with the name of the streams to which they would like to subscribe. In this way, the broker keeps track of which subscribers are interested in which streams so that when publishers publish messages to such streams, the messages can be distributed to the corresponding subscribers. Subscribers are also allowed to provide filter expressions to the broker in order to limit the messages which will be received on a particular stream.
The above-described publish/subscribe broker network architecture advantageously centralizes coordination of published messages. Authentication of a subscriber for a particular topic could require that the subscriber's identity (digital certificate) be passed back to the publisher in order to validate the subscriber. This process of requiring authentication at the publisher can degrade performance of the distributed system depending upon where the publisher and subscriber may be located relative to each other. In many cases, the broker may be much closer to the subscriber than the publisher. In such a situation, requiring authentication at the publisher can limit how fast the subscriber can start to receive the requested topic.
Therefore, a need exists in the art for an enhanced technique for ensuring security in a publish/subscribe data processing broker network, which facilitates a valid subscriber's timely obtaining of requested information.