Topics-based access control

[GioPer]

Hello everybody,

I'm approaching MQTT and in particular I'm looking for an implementation that would allow me to have access control at topic level and/or subject level. In other words, I would like to have the possibility to:

- restrict access to a given topic to set of users (i.e. a set of users / clients cannot subscribe to a given set of topics)

- restrict publish for certain users (i.e. a set of users cannot publish certain topics)

Do you know of any implementation that allows that? I know that there are solutions that are focused on authentication and general access control (i.e. user is allowed or not to talk with the broker) but I'm looking for something at a topic level.

Thanks in advance!

Giovanni

[V Z]

Mosquitto and MessageSight

[Dominik Obermaier]

Authorization for topics is supported by many MQTT brokers. Most HiveMQ deployments I'm aware of are heavily restricting topic access.

Best,

Dominik

On 25 October 2016 at 04:19:05, V Z (uvzu...@gmail.com) wrote:

Mosquitto and MessageSight

--
To learn more about MQTT please visit http://mqtt.org
---
You received this message because you are subscribed to the Google Groups "MQTT" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mqtt+uns...@googlegroups.com.
To post to this group, send email to mq...@googlegroups.com.
Visit this group at https://groups.google.com/group/mqtt.
For more options, visit https://groups.google.com/d/optout.

[GioPer]

Thanks to both - digging in the docs I have found that Mosquitto supports it. Now I'm investigating on Activemq. Thanks !

[Sumeet Puri]

You might also want to look at the Solace VMR. The Community edition is free. 

http://dev.solace.com/downloads/

It supports some useful access control and other security capabilities. Some pointers to docs:

http://docs.solace.com/Features/Client-Authorization.htm#client_authentication_and_authorization_2866343001_215521

http://docs.solace.com/Features/Working-With-Direct-Messages.htm#working-with-direct-msgs-manage-client-subscriptions

You can take a look at some performance benchmarks here:

http://dev.solace.com/tech/performance/solace-message-router-throughput/

Regards,

Sumeet. 

[V Z]

Solace VMR is awfully heavy weight (4 core VM minimum) and has a huge restriction on concurrent connections: 1,000 max, which makes it impractical in most IoT applications.

[Sumeet Puri]

Full disclosure - I work for Solace, and appreciate your feedback. I’d like to put a few things into perspective (wouldn’t want this to be perceived as a “vendor pitch”, but would like to present facts in context).

The version you can download from the website is limited to 1000 connections for a feature/function trial basis, as well as for developers who have small scale needs. It’s architected as a multi core image, and a docker version will be out soon.

Solace has multiple deployments scaled to much much higher connection counts (in millions). You can contact solace for a scalable version of the software/architecture, which also adds a few other capabilities. I’ve personally architected/worked on a few of those smart city/connected cars applications.

Once such example you can check out is here, where every vehicle in Singapore is connecting to Solace:

http://www.computerworld.com.sg/resource/applications/solace-messaging-technology-to-support-singapores-erp-system/
http://www.channelnewsasia.com/news/business/satellite-based-erp-to-be/2547700.html

> On 31 Oct 2016, at 12:09 PM, V Z <uvzu...@gmail.com> wrote:
>
> Solace VMR is awfully heavy weight (4 core VM minimum) and has a huge restriction on concurrent connections: 1,000 max, which makes it impractical in most IoT applications.
>

[V Z]

Does the multi million connection solution use VMR?