000000166 001__ 166
000000166 005__ 20130522141942.0
000000166 037__ $$aLERSSE-RefConfPaper-2008-031
000000166 041__ $$aeng
000000166 100__ $$aQiang Wei
000000166 100__ $$aMatei Ripeanu
000000166 100__ $$aKonstantin Beznosov
000000166 245__ $$aAuthorization Using the Publish-Subscribe Model
000000166 260__ $$c2008-09-27
000000166 300__ $$a10p
000000166 520__ $$aTraditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed applications increase in size and complexity, an authorization architecture based on point-to-point communication becomes fragile and difficult to manage. This paper presents the use of the publish-subscribe (pub-sub) model for delivering authorization requests and responses between the applications and the authorization servers. Our analysis suggests that using the pub-sub architecture improves authorization system availability and reduces system administration overhead. We evaluate our design using a prototype implementation, which confirms the improvement in availability. Although the response time is also increased, this impact can be reduced by bypassing the pub-sub channel when returning authorizations or by caching coupled with local inference of authorization decisions based on previously cached authorizations.
000000166 6531_ $$aaccess control
000000166 6531_ $$apublish-subscribe
000000166 6531_ $$aSAAM
000000166 6531_ $$aCSAR
000000166 6531_ $$aEngineering Security Mechanisms
000000166 8560_ $$fqiangw@ece.ubc.ca
000000166 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/166/files/166.pdf$$yTransfer from CDS 0.99.7
000000166 909C4 $$pQiang Wei, Matei Ripeanu, and Konstantin Beznosov. Authorization using the publishsubscribe model. In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA), pages 53-62, Sydney, Australia, December 10-12 2008. IEEE Computer Society.
000000166 980__ $$aRefConfPaper