[rabbitmq-discuss] Access control documentation

Ben Hood 0x6e6562 at gmail.com
Wed Sep 17 08:19:57 BST 2008


Anthony,

On Wed, Sep 17, 2008 at 6:32 AM, Anthony <anthony-rabbitmq at hogan.id.au> wrote:
> This would sound like a significant step backwards and place a larger
> security onus on front-end systems, no?

I don't think I quite follow the second half of the question - can you
elaborate?

> I've read through the AMQP spec you linked for me (thanks!) - so I'm
> clear, is the following right?
>
> 1. If a given data stream is to be accessible in a specific vhost, the
> source of this data must connect to the given vhost and put it in
> there - streams cannot be shared/published/mirrored to multiple vhosts
> without an explicit connection by the source to each vhost in its own
> connection.

A vhost is bound to a connection, so you'd need multiple connections
to access multiple vhosts.

> 2. If a given stream is in the same vhost you authenticate into, you
> have full access with no limitations to it (all or nothing).

Correct.

> Am not bagging RabbitMQ here, as what it sounds like, it's just that
> the other implementers didn't quite get it.. But it just seems like a
> big loss to lose realms from the spec.

I think you're raising a fair point that I presume is coming from a
sys admin perspective. However the decision to remove this fine
grained ACL mechanism was that most people felt the benefits of it did
not justify the added complexity of implementing it, and also there
may have been some potential spec interpretation issues in this area.
On the whole, most people who have commented on this have wished for
the simplest thing possible.

I don't think that the other implementers don't get it - I just think
that they though it is tricky to do and hence they just deferred it.

The realm functionality as per the spec is completely implemented in
RabbitMQ 1.4.0, so you can still use it today. But it has already been
removed from the mainline source tree and will hence disappear in the
next release.

To give you an idea of why this area is so fiddly, the realm handling
code in Rabbit 1.4.0 makes up about 12% of the entire code base.

So whilst we welcome the simplification that it brings, we are a
little bit sad that we have spent a lot of time faithfully
implementing a spec only to have to remove all of the code - an
unfortunate waste of time.

But BTW, we always welcome comments and contributions about the spec,
in order to make AMQP more community driven.

HTH,

Ben




More information about the rabbitmq-discuss mailing list