Authorization Using the Publish-Subscribe Model

Author

Wei, Qiang ; Ripeanu, Matei ; Beznosov, Konstantin

Author_Institution

Dept. of Electr. & Comput. Eng., Univ. of British Columbia, Vancouver, BC, Canada

fYear

2008

fDate

10-12 Dec. 2008

Firstpage

53

Lastpage

62

Abstract

Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed applications increase in size and complexity, an authorization architecture based on point-to-point communication becomes fragile and difficult to manage. This paper presents the use of the publish-subscribe (pub-sub) model for delivering authorization requests and responses between the applications and the authorization servers. Our analysis suggests that using the pub-sub architecture improves authorization system availability and reduces system administration overhead. We evaluate our design using a prototype implementation, which confirms the improvement in availability. Although the response time is also increased, this impact can be reduced by bypassing the pub-sub channel when returning authorizations or by caching coupled with local inference of authorization decisions based on previously cached authorizations.

Keywords

authorisation; message passing; middleware; authorization server; point-to-point communication; publish-subscribe model; request-response model; Access control; Application software; Authorization; Computer architecture; Delay; Hardware; Large-scale systems; Network servers; Prototypes; Publish-subscribe; access control; authorization recycling; publish-subscribe;

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel and Distributed Processing with Applications, 2008. ISPA '08. International Symposium on

Conference_Location

Sydney, NSW

Print_ISBN

978-0-7695-3471-8

Type

conf

DOI

10.1109/ISPA.2008.126

Filename

4725135