A popular approach employed in distributed messaging systems for use with asynchronous distributed applications is the content-based publish/subscribe (pub/sub) messaging approach. A content-based pub/sub system includes publishing client devices or machines (“publishers”) that generate messages and subscribing client devices or machines (“subscribers”) that register interest in messages matching the predicate/Boolean filter specified in their subscription. The system ensures timely delivery of published messages to all interested subscribers, and typically contains routing broker devices or machines (“brokers”) for this purpose. Thus, in the content-based pub/sub paradigm, the information providers (i.e., publishers) and consumers (i.e., subscribers) are decoupled, since publishers need not be aware of which subscribers receive their messages, and subscribers need not be aware of the sources of the messages they receive.
For many applications, content-based pub/sub systems are required to provide strong service guarantees (such as reliable, in-order, gapless delivery), high scalability to support large number of clients, high service availability and high performance/throughput. In order to achieve these goals, typical systems: (1) propagate and consolidate subscription information toward publishers; (2) using the subscription information, perform content filtering to achieve good network bandwidth utilization and scalability; and (3) and utilize redundant network paths for high service availability.
An important but often ignored issue that can hinder the commercial adoption of pub/sub systems is security assurance provided to applications. In particular, applications want to ensure the confidentiality, integrity and authenticity of events as they are disseminated. It is often required that only trusted sources should be allowed to publish events, and that information/events should only be distributed to authorized or paying subscribers. A closely related problem is accounting and auditing which enables the billing of subscribers based on usage.
This issue of access control in pub/sub systems is further complicated by the issue of changing access control policies. One problem associated with a change in the access control policy is the disruption in pub/sub service that occurs when the change is being made.
Accordingly, there is a need for improved access control techniques for distributed messaging systems which are able to efficiently and effectively account for access control policy changes.