Role-based access control for publish/subscribe middleware architectures

Research into publish/subscribe messaging has so far done little to propose architectures for the support of access control, yet this will be an increasingly critical requirement as systems move to Internet-scale. This paper discusses the general requirements of publish/subscribe systems with access control. We then present our specific integration of OASIS role-based access control into the Hermes publish/subscribe middleware platform. Our system supports many advanced features, such as the ability to work within a network where nodes are attributed different levels of trust, and employs a variety of access restriction methods which balance expressiveness with the content-based routing optimisations available. We illustrate our achievements by discussing an application scenario in which our system will be of particular use.