Authorization Using the Publish-Subscribe Model

TitleAuthorization Using the Publish-Subscribe Model
Publication TypeConference Paper
Year of Publication2008
AuthorsWei, Q., M. Ripeanu, and K. Beznosov
Conference NameParallel and Distributed Processing with Applications, 2008. ISPA '08. International Symposium on
Pagination53 -62
Date Publisheddec.
Keywordsauthorisation, authorization server, message passing, middleware, point-to-point communication, publish-subscribe model, request-response model

Traditional authorization mechanisms based on the request-response model are generally supported by point-to-point communication between applications and authorization servers. As distributed applications increase in size and complexity, an authorization architecture based on point-to-point communication becomes fragile and difficult to manage. This paper presents the use of the publish-subscribe (pub-sub) model for delivering authorization requests and responses between the applications and the authorization servers. Our analysis suggests that using the pub-sub architecture improves authorization system availability and reduces system administration overhead. We evaluate our design using a prototype implementation, which confirms the improvement in availability. Although the response time is also increased, this impact can be reduced by bypassing the pub-sub channel when returning authorizations or by caching coupled with local inference of authorization decisions based on previously cached authorizations.


a place of mind, The University of British Columbia

Electrical and Computer Engineering
2332 Main Mall
Vancouver, BC Canada V6T 1Z4
Tel +1.604.822.2872
Fax +1.604.822.5949

Emergency Procedures | Accessibility | Contact UBC | © Copyright 2021 The University of British Columbia