Authorization Using the Publish-Subscribe Model

Qiang Wei ; Matei Ripeanu ; Konstantin Beznosov

27 September 2008

Abstract: Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed applications increase in size and complexity, an authorization architecture based on point-to-point communication becomes fragile and difficult to manage. This paper presents the use of the publish-subscribe (pub-sub) model for delivering authorization requests and responses between the applications and the authorization servers. Our analysis suggests that using the pub-sub architecture improves authorization system availability and reduces system administration overhead. We evaluate our design using a prototype implementation, which confirms the improvement in availability. Although the response time is also increased, this impact can be reduced by bypassing the pub-sub channel when returning authorizations or by caching coupled with local inference of authorization decisions based on previously cached authorizations.

Keyword(s): access control ; publish-subscribe ; SAAM ; CSAR ; Engineering Security Mechanisms

Published in: Qiang Wei, Matei Ripeanu, and Konstantin Beznosov. Authorization using the publishsubscribe model. In Proceedings of the 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications (ISPA), pages 53-62, Sydney, Australia, December 10-12 2008. IEEE Computer Society.:

The record appears in these collections:
Engineering Security Mechanisms
Refereed Conference Papers

 Record created 2009-04-27, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)