Topic protection policy for publish-subscribe messaging system

摘要

Exemplary embodiments of the present invention disclose a method for securing a message published to a topic by a publisher in a publish-subscriber messaging system with a topic policy for the topic. In a step, an exemplary embodiment establishes a topic policy for a topic. In another step, an exemplary embodiment associates a message published to the topic with a topic policy. In another step, an exemplary embodiment signs a message published to the topic by a publisher with a private key of the publisher if the topic policy directs. In another step, an exemplary embodiment provides a public key of a subscriber if the topic policy directs that the subscriber receive a message in encrypted form. In another step, an exemplary embodiment encrypts a message for a subscriber specified in a topic policy to receive the message encrypted with a public key of the subscriber.

主权项

1. A method for securing a message published to a topic by a publisher and accessed by a subscriber in a publication subscription system with a topic policy for the topic, the method comprising:
establishing, by a computer, a topic policy for a topic, wherein the topic policy specifies a set of actions to be performed for publication of one or more messages of the topic to a subscriber of the topic, and wherein the subscriber is specified in the topic policy; associating, by the computer, a message published to the topic by a publisher with the topic policy; signing, by the computer, the message published to the topic with an encryption key of the publisher if directed by the topic policy; providing, by the computer, an encryption key of the subscriber to the topic if the topic policy directs that the subscriber receive the message published to the topic in encrypted form; and responsive to a determination that the message published to the topic for the subscriber is to be encrypted in accordance with the topic policy, encrypting, by the computer, the message published to the topic for the subscriber based, at least in part, on the encryption key of the subscriber, such that the message is in encrypted form when received by the subscriber.