[rabbitmq-discuss] MQTT topic ACLs Query
Mark Wolfe
mark at wolfe.id.au
Tue Jan 7 12:10:13 GMT 2014
G'day Emile,

I am working on moving an IoT platform from a custom TCP protocol across to
MQTT; the aim is to provide a combined topic structure for these devices,
partitioned by a user identifier and then a group or zone identifier.

We have in-home and cloud services, with a range of topics used by either
end.

Incoming messages to the central cloud services, which are sent from the
in-home gateway, are organised under the $cloud base. Note that variable
params are signified by []:

$cloud/[userid]/[zoneid]/[gwid]/config
$cloud/[userid]/[zoneid]/[gwid]/status
$cloud/[userid]/[zoneid]/[gwid]/events
$cloud/[userid]/[zoneid]/[gwid]/device/[deviceid]/...

Outgoing to the gateway; these are subscribed to by the software on the
device:

$gw/[userid]/[zoneid]/[gwid]/config
$gw/[userid]/[zoneid]/[gwid]/commands
$gw/[userid]/[zoneid]/[gwid]/device/[deviceid]/...

Now, given that each gateway authenticates using a username and password, the
types of rules we are looking for are very similar to those currently
present in RabbitMQ for AMQP.

Restrict write access to the outgoing topics
$cloud/[userid]/[zoneid]/[gwid]/.* for a given user.

Restrict read access to the incoming topics $gw/[userid]/[zoneid]/[gwid]/.*
for a given user.

The aim here is to keep a given user constrained to a part of the topic
structure.

The reason I am keen to continue using RabbitMQ is that it has done a sterling
job of knitting together a number of internal services, most of which
connect using AMQP, using either amqplib by Michael Bridgen or the golang
AMQP library by Sean Treadway.

Outside our core I am keen to use MQTT as:

- the gateway devices are in a lot of cases on consumer wireless
  networks
- in some cases these will be microcontrollers such as Arduinos
- mostly non-x86, so ARM and MIPS based systems.

Hopefully that gives you some insight into what I am hoping to achieve.

Cheers

On Tue, Jan 7, 2014 at 7:29 PM, Emile Joubert <emile at rabbitmq.com> wrote:
>
> Hi Mark,
>
> On 07/01/14 07:38, Mark Wolfe wrote:
> > Interested to hear if anyone intends to add ACL support to the MQTT
> > module?
> >
> > At the moment it is built around routing keys which as I understand
> > cannot be controlled by the existing ACLs.
>
> There are no immediate plans to grant permissions on individual topics.
> That is because the feature is barely mentioned in the current
> specification, and also because it has no equivalent in AMQP.
>
> Can you describe your use-case in more detail? This will help us to
> determine which features to include.
>
>
>
> -Emile
>
--
Regards,
Mark Wolfe
--
I am not young enough to know everything.
--
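
The topic confinement asked for in the message above, as an added example that is not part of the original post and is not RabbitMQ code: a check that keeps an authenticated gateway inside its own `[userid]/[zoneid]/[gwid]` branch for publishes to `$cloud` and subscriptions to `$gw`. The `Gateway` record, the function names and the sample ids are assumptions; it goes slightly beyond the message by also handling the MQTT subscription wildcards `+` and `#`, which would otherwise let a filter reach across users.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Gateway:
    """Ids bound to the authenticated username (hypothetical record)."""
    userid: str
    zoneid: str
    gwid: str

def _valid(levels, allow_wildcards):
    """Check MQTT wildcard placement in a list of topic levels."""
    for i, level in enumerate(levels):
        if level in ("+", "#"):
            if not allow_wildcards:
                return False
            if level == "#" and i != len(levels) - 1:
                return False  # '#' is only legal as the final level
        elif "+" in level or "#" in level or "\x00" in level:
            return False  # a wildcard must occupy a whole level
    return True

def _confined(gw, base, topic, wildcards_in_suffix):
    """True if topic lies strictly below base/[userid]/[zoneid]/[gwid]/."""
    prefix = [base, gw.userid, gw.zoneid, gw.gwid]
    levels = topic.split("/")
    head, tail = levels[:len(prefix)], levels[len(prefix):]
    # The prefix must match literally, so '+' or '#' can never stand in
    # for another user's, zone's or gateway's id.
    return (bool(tail) and head == prefix and _valid(head, False)
            and _valid(tail, wildcards_in_suffix))

def can_publish(gw, topic):
    """Write access: concrete topic names under $cloud/... only."""
    return _confined(gw, "$cloud", topic, False)

def can_subscribe(gw, topic_filter):
    """Read access: filters under $gw/...; wildcards allowed below the prefix."""
    return _confined(gw, "$gw", topic_filter, True)

if __name__ == "__main__":
    gw = Gateway("u1", "z1", "gw1")  # constructed sample identity
    for check, topic in [(can_publish, "$cloud/u1/z1/gw1/status"),
                         (can_publish, "$cloud/u2/z1/gw1/status"),
                         (can_subscribe, "$gw/u1/z1/gw1/device/+/state"),
                         (can_subscribe, "$gw/+/z1/gw1/commands"),
                         (can_subscribe, "#")]:
        print(check.__name__, topic, "ALLOW" if check(gw, topic) else "DENY")
```

The check is default-deny: anything that is not strictly below the gateway's own prefix is refused, including a filter that stops at the zone level such as `$gw/u1/z1/#`.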