[rabbitmq-discuss] AMQP security / dealing with Flex subscribers

Joern opendev at gmail.com
Fri Jan 23 09:29:30 GMT 2009

Hi Matthias,

2009/1/21 Matthias Radestock <matthias at lshift.net>:

> Our plans are documented at
>  https://dev.rabbitmq.com/wiki/AccessControlDesign
> and development of ACLs is underway. Comments welcome.

I wonder if the following would be an alternative for fine-granular,
application-specific access control logic.

 - Users are getting additional flags: 'untrusted' and 'trusted'.
 - Every action (binding, declaring, sending messages) of an
'untrusted' user is replicated as a message (in some easy to digest
format) to an access control system exchange.
 - Access control applications bind queues to this exchange and reply
with 'grant' or 'deny' (with configurable timeouts) or do other things
like logging / accounting. The results of an authorization reply may
be cached, depending on the reply of the access control application.
The cache can be flushed by access control applications and is
specific to the individual access control application and/or user in
question. The applications need 'trusted' users in order to bind to /
send messages to this system exchange.

This should be both, simple to implement and flexible for almost all
access control needs. This would also allow filtering / validating
individual messages which is probably out of the scope of every broker
specific access control implementation.

Does this make sense or am I overseeing something here?

Best regards,


More information about the rabbitmq-discuss mailing list