[rabbitmq-discuss] Key based access control

• Previous message: [rabbitmq-discuss] A new AMQP-Client wrapper with erlang
• Next message: [rabbitmq-discuss] Key based access control
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

I amresearching how well RabbitMQ handles one scenario and need an 
advice on connecting LOTS of clients to the RabbitMQ.

Initially we planned to use single server=>client exhchage. The idea was 
that clients specify their ID
as binding key when binding to that server2client exchange and server 
will be using
client ID as a routing key when sending to it so each client only 
receives messages with its client ID.

Then the idea was to modify the auth backend so it won't allow clients 
to specify
other client's ID when binding a queue to the exchange (by comparing 
binging key to auth user id).
But as it turns out, the auth backend does not see the binding key at 
all - it only sees
the queue and exchange names.

I guess you probably expect me to create separate exchange for each 
client to solve
that issue (and this thread confirms it - 
http://rabbitmq.1065348.n5.nabble.com/Advanced-per-user-authorization-td23580.html)

My concerns are:
1. How will it work if we have say a million exchanges on a RabbitMQ 
server? Or even a few millions.
2. To distribute the load we could use multiple RabbitMQ server without 
building a cluster.
(Producers can be coded so they know to which RabbitMQ instance given 
client is connected).
But it looks to me that exchange is a persistent entity - it won't cease 
to exist even when client goes away
and its queue is destroyed. So if a client will be switching between our 
brokers, it will create same
exchange on every one and eventually all servers will have full 
collection of exchanges. So it is not very scalable.
Is there any way to automatically destroy unused exchanges?

Or is it actually possible to verify how exactly a client binds to a 
exchange in the auth backend or other plugin?

Maybe I'm just missing something and there is a better way to do what I 
am trying to do?

Many thanks.
Dmitry




This email is for the use of the intended recipient(s) only.
If you have received this email in error, please notify the sender immediately and then delete it.
If you are not the intended recipient, you must not use, disclose or distribute this email without the
author's prior permission. AlertMe.com Ltd. is not responsible for any personal views expressed
in this message or any attachments that are those of the individual sender.

AlertMe.com Ltd, 30 Station Road, Cambridge, CB1 2RE, UK.
Registered in England, Company number 578 2908, VAT registration number GB 895 9914 42.

• Previous message: [rabbitmq-discuss] A new AMQP-Client wrapper with erlang
• Next message: [rabbitmq-discuss] Key based access control
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]