The publication and subscription (pub-sub) model is widely used for data distribution where there are one or more sources for a particular data set and one or more users of that data set. Implementations of the pub-sub model usually provide an open publication model (no authentication of publishers or subscribers), and an authenticated model requiring publishers and subscribers to provide credentials. Management of the credentials is handled by the operator of the pub-sub network, usually through a pub-sub service that acts as both a subscription manager and a content distribution agent, and requires data subscribers to negotiate with data providers to gain access. Management of credentials is complicated when data providers and subscribers are in different administrative domains (different data distribution networks). In that situation, data subscribers in one domain must maintain distinct identities for each data distribution system and their associated pub-sub services. Additionally, the data movement infrastructure must have connectivity to each individual subscriber across administrative domain. In addition to coordinating credentials management, there may be network connectivity issues to be resolved as well. Current pub-sub model implementations require a single administrative domain for identity management and authentication. Typically such systems require a global repository of feed across all distribution networks.
Illustrated in FIG. 1 is a typical network environment 100 in which a plurality of publication-subscription (pub-sub) data distribution networks operate. Only three are shown in FIG. 1, namely data distribution network A 101, data distribution network B 103 and data distribution network C 105. Each data distribution network includes a pub-sub service for example, data distribution network a 101 includes pub-sub service 107, data distribution network B 103 includes pub-sub service 109, and data distribution network C 105 includes pub-sub service 111). Associated with each data distribution network are a plurality of subscribers and publishers. In the illustration of FIG. 1, three publishers and three subscribers are shown. Specifically, data distribution network A includes subscriber a 113, subscriber b 115, subscriber c 117, publisher a 119, publisher b 121 and publishers c 123. Similarly, data distribution network B includes subscriber a′ 125, subscriber b′ 127, subscribers c′ 129, publisher a′ 131, publisher b′ 133, and publisher c′ 135. Data distribution network C is shown is including subscriber a″ 137, subscriber b″ 139, subscribers c″ 141, publisher a″ 143, publisher b″ 145, and publisher c″ 147.
Publishers send structured content to one or more instances of the pub-sub service. The subscriber sends subscription requests to an instance of the pub-sub service and, subject to acceptance of a particular subscription request, receives content from the pub-sub service. The actual content received will be determined by the subscription and the message selection process.
The pub-sub service acts as both a subscription manager and a content distribution agent. Applications implementing the pub-sub service role accept subscription requests from subscribers and, subject to any applicable authentication or access control policies, accept or reject subscription requests; and distribute content to valid subscribers. An application implementing the pub-sub service role may itself act as a subscriber, subscribing to content through another instance of the pub-sub service and receiving messages from that service.
Currently, if subscriber a′ 125 in data distribution network B 103 wishes to receive content from publisher c 123 in data distribution network A 101, then subscriber a′ 125 must subscribe to the pub-sub service A 107 which authenticates that subscriber a′ 125 has the rights to the content.
There is a need for a system that does not require a single administrative domain for identity management and authentication.
There is a need for a system that does not require a global repository of feeds across all distribution networks.
There is a need for a system that allows for the same or completely different access policies to data feeds for each distribution network.