A capability-based access control architecture for multi-domain publish/subscribe systems

A capability-based access control architecture for multi-domain publish/subscribe systems

Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection....

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Pesonen, L.I.W., Eyers, D.M., Bacon, J.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Access control
Authorization
Computer architecture
Event detection
Filtering
Internet
Large-scale systems
Matched filters
Peer to peer computing
Routing
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 228
container_issue
container_start_page 7 pp.
container_title
container_volume
creator Pesonen, L.I.W.
Eyers, D.M.
Bacon, J.
description Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. In this paper, we present a capability-based access control architecture that enables multiple domains to co-operate in order to build a shared, wide-scale publish/subscribe system. Our architecture employs SPKI authorisation certificates for delegating access control responsibilities to access control services within independent domains in order to balance security and scalability. The architecture supports controlling access both for new event brokers joining the broker network as well as for clients accessing the publish/subscribe API
doi_str_mv 10.1109/SAINT.2006.1
format Conference Proceeding
fullrecord <record><control><sourceid>ieee_6IE</sourceid><recordid>TN_cdi_ieee_primary_1581337</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>1581337</ieee_id><sourcerecordid>1581337</sourcerecordid><originalsourceid>FETCH-LOGICAL-i213t-feb0f6434eb5772c87d94d2c2837d4c80662541c0a95ebb690d28e831c7f00cc3</originalsourceid><addsrcrecordid>eNotzL1OwzAUQGFLCAko3dhY_AJpr-3Edsao4qdSBQNlYKrsmxvVKGki2xny9iDBWb7tMPYgYCME1NuPZv923EgAvRFX7A6MritZgVU3bJ3SN_ymaqWtumVfDUc3OR_6kJfCu0Qtd4iUEsfxkuPYcxfxHDJhniPxbox8mPscinYcXLjwafZ9SOdtmn3CGDzxtKRMQ7pn153rE63_XbHP56fj7rU4vL_sd82hCFKoXHTkodOlKslXxki0pq3LVqK0yrQlWtBaVqVAcHVF3usaWmnJKoGmA0BUK_b49w1EdJpiGFxcTqKyQimjfgAgu1Cq</addsrcrecordid><sourcetype>Publisher</sourcetype><iscdi>true</iscdi><recordtype>conference_proceeding</recordtype></control><display><type>conference_proceeding</type><title>A capability-based access control architecture for multi-domain publish/subscribe systems</title><source>IEEE Electronic Library (IEL) Conference Proceedings</source><creator>Pesonen, L.I.W. ; Eyers, D.M. ; Bacon, J.</creator><creatorcontrib>Pesonen, L.I.W. ; Eyers, D.M. ; Bacon, J.</creatorcontrib><description>Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. In this paper, we present a capability-based access control architecture that enables multiple domains to co-operate in order to build a shared, wide-scale publish/subscribe system. Our architecture employs SPKI authorisation certificates for delegating access control responsibilities to access control services within independent domains in order to balance security and scalability. The architecture supports controlling access both for new event brokers joining the broker network as well as for clients accessing the publish/subscribe API</description><identifier>ISBN: 0769525083</identifier><identifier>ISBN: 9780769525082</identifier><identifier>DOI: 10.1109/SAINT.2006.1</identifier><language>eng</language><publisher>IEEE</publisher><subject>Access control ; Authorization ; Computer architecture ; Event detection ; Filtering ; Internet ; Large-scale systems ; Matched filters ; Peer to peer computing ; Routing</subject><ispartof>International Symposium on Applications and the Internet (SAINT'06), 2006, p.7 pp.-228</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/1581337$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>309,310,780,784,789,790,2058,4050,4051,27925,54920</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/1581337$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Pesonen, L.I.W.</creatorcontrib><creatorcontrib>Eyers, D.M.</creatorcontrib><creatorcontrib>Bacon, J.</creatorcontrib><title>A capability-based access control architecture for multi-domain publish/subscribe systems</title><title>International Symposium on Applications and the Internet (SAINT'06)</title><addtitle>SAINT</addtitle><description>Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. In this paper, we present a capability-based access control architecture that enables multiple domains to co-operate in order to build a shared, wide-scale publish/subscribe system. Our architecture employs SPKI authorisation certificates for delegating access control responsibilities to access control services within independent domains in order to balance security and scalability. The architecture supports controlling access both for new event brokers joining the broker network as well as for clients accessing the publish/subscribe API</description><subject>Access control</subject><subject>Authorization</subject><subject>Computer architecture</subject><subject>Event detection</subject><subject>Filtering</subject><subject>Internet</subject><subject>Large-scale systems</subject><subject>Matched filters</subject><subject>Peer to peer computing</subject><subject>Routing</subject><isbn>0769525083</isbn><isbn>9780769525082</isbn><fulltext>true</fulltext><rsrctype>conference_proceeding</rsrctype><creationdate>2006</creationdate><recordtype>conference_proceeding</recordtype><sourceid>6IE</sourceid><sourceid>RIE</sourceid><recordid>eNotzL1OwzAUQGFLCAko3dhY_AJpr-3Edsao4qdSBQNlYKrsmxvVKGki2xny9iDBWb7tMPYgYCME1NuPZv923EgAvRFX7A6MritZgVU3bJ3SN_ymaqWtumVfDUc3OR_6kJfCu0Qtd4iUEsfxkuPYcxfxHDJhniPxbox8mPscinYcXLjwafZ9SOdtmn3CGDzxtKRMQ7pn153rE63_XbHP56fj7rU4vL_sd82hCFKoXHTkodOlKslXxki0pq3LVqK0yrQlWtBaVqVAcHVF3usaWmnJKoGmA0BUK_b49w1EdJpiGFxcTqKyQimjfgAgu1Cq</recordid><startdate>2006</startdate><enddate>2006</enddate><creator>Pesonen, L.I.W.</creator><creator>Eyers, D.M.</creator><creator>Bacon, J.</creator><general>IEEE</general><scope>6IE</scope><scope>6IL</scope><scope>CBEJK</scope><scope>RIE</scope><scope>RIL</scope></search><sort><creationdate>2006</creationdate><title>A capability-based access control architecture for multi-domain publish/subscribe systems</title><author>Pesonen, L.I.W. ; Eyers, D.M. ; Bacon, J.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-i213t-feb0f6434eb5772c87d94d2c2837d4c80662541c0a95ebb690d28e831c7f00cc3</frbrgroupid><rsrctype>conference_proceedings</rsrctype><prefilter>conference_proceedings</prefilter><language>eng</language><creationdate>2006</creationdate><topic>Access control</topic><topic>Authorization</topic><topic>Computer architecture</topic><topic>Event detection</topic><topic>Filtering</topic><topic>Internet</topic><topic>Large-scale systems</topic><topic>Matched filters</topic><topic>Peer to peer computing</topic><topic>Routing</topic><toplevel>online_resources</toplevel><creatorcontrib>Pesonen, L.I.W.</creatorcontrib><creatorcontrib>Eyers, D.M.</creatorcontrib><creatorcontrib>Bacon, J.</creatorcontrib><collection>IEEE Electronic Library (IEL) Conference Proceedings</collection><collection>IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume</collection><collection>IEEE Xplore All Conference Proceedings</collection><collection>IEEE Electronic Library (IEL)</collection><collection>IEEE Proceedings Order Plans (POP All) 1998-Present</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Pesonen, L.I.W.</au><au>Eyers, D.M.</au><au>Bacon, J.</au><format>book</format><genre>proceeding</genre><ristype>CONF</ristype><atitle>A capability-based access control architecture for multi-domain publish/subscribe systems</atitle><btitle>International Symposium on Applications and the Internet (SAINT'06)</btitle><stitle>SAINT</stitle><date>2006</date><risdate>2006</risdate><spage>7 pp.</spage><epage>228</epage><pages>7 pp.-228</pages><isbn>0769525083</isbn><isbn>9780769525082</isbn><abstract>Publish/subscribe has emerged as an attractive communication paradigm for building Internet-wide distributed systems by decoupling message senders from receivers. So far most of the research on publish/subscribe has focused on efficient event routing, event filtering, and composite event detection. Very little research has been published regarding securing publish/subscribe systems. In this paper, we present a capability-based access control architecture that enables multiple domains to co-operate in order to build a shared, wide-scale publish/subscribe system. Our architecture employs SPKI authorisation certificates for delegating access control responsibilities to access control services within independent domains in order to balance security and scalability. The architecture supports controlling access both for new event brokers joining the broker network as well as for clients accessing the publish/subscribe API</abstract><pub>IEEE</pub><doi>10.1109/SAINT.2006.1</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISBN: 0769525083
ispartof International Symposium on Applications and the Internet (SAINT'06), 2006, p.7 pp.-228
issn
language eng
recordid cdi_ieee_primary_1581337
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Access control
Authorization
Computer architecture
Event detection
Filtering
Internet
Large-scale systems
Matched filters
Peer to peer computing
Routing
title A capability-based access control architecture for multi-domain publish/subscribe systems
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T00%3A39%3A07IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20capability-based%20access%20control%20architecture%20for%20multi-domain%20publish/subscribe%20systems&rft.btitle=International%20Symposium%20on%20Applications%20and%20the%20Internet%20(SAINT'06)&rft.au=Pesonen,%20L.I.W.&rft.date=2006&rft.spage=7%20pp.&rft.epage=228&rft.pages=7%20pp.-228&rft.isbn=0769525083&rft.isbn_list=9780769525082&rft_id=info:doi/10.1109/SAINT.2006.1&rft_dat=%3Cieee_6IE%3E1581337%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1581337&rfr_iscdi=true