Hi all,
After having a closer look at the Qpid Dispatch Router configuration regarding authentication and authorization, there are some questions I would like to discuss.

Our current architecture approach [1] means that clients need to be authenticated and authorized at both endpoints (Hono server and Dispatch Router). As a result, we need to keep this information in sync between them. For the authentication this should be doable by using the same SASL provider and the same source of information, e.g. a database (Kai is working on the SASL topic already). For the authorization it’s not that simple. As I understand it, for the Dispatch Router the information, e.g. who is allowed to attach to a source/target (the policies), is rather static. I found no way to modify this data during runtime of the router; is this correct? Are there any plans to make this more flexible? Or more generally, how are the policies supposed to be used if I want to grant a new user access to the router or revoke access of an existing user (without restarting the router)? Maybe an example of how this is done in existing systems would help to understand.
[1] https://github.com/eclipse/hono/wiki/Topology-Options
Best regards
Dominik Guggemos
INST/ECS1
Tel. +49 7545 202-396
www.blog.bosch-si.com