Research into publish/subscribe messaging has so far done little to propose architectures for the support of access control, yet this will be an increasingly critical requirement as systems move to Internet-scale. This paper discusses the general requirements of publish/subscribe systems with access control. We then present our specific integration of OASIS role-based access control into the Hermes publish/subscribe middleware platform. Our system supports many advanced features, such as the ability to work within a network where nodes are attributed different levels of trust, and employs a variety of access restriction methods which balance expressiveness with the content-based routing optimisations available. We illustrate our achievements by discussing an application scenario in which our system will be of particular use.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jean Bacon , Ken Moody , John Bates , Richard Hayton , Chaoying Ma , Andrew McNeil , Oliver Seidel , Mark Spiteri, Generic Support for Distributed Applications, Computer, v.33 n.3, p.68-76, March 2000  [doi>10.1109/2.825698]
	2	J. Bacon, K. Moody, and W. Yao. Access control and trust in the use of widely distributed services. In Middleware 2001, volume LNCS 2218, pages 300--315. Springer-Verlag, November 2001.
	3	Jean Bacon , Ken Moody , Walt Yao, A model of OASIS role-based access control and its support for active security, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.492-540, November 2002  [doi>10.1145/581271.581276]
	4	John A. Hine , Walt Yao , Jean Bacon , Ken Moody, An architecture for distributed OASIS services, IFIP/ACM International Conference on Distributed systems platforms, p.104-120, April 03-07, 2000, New York, New York, United States
	5	ITU-T International Telecommunication Union. ITU-T recommendation X.509, 2000.
	6	Zoltán Miklós, Towards an Access Control Mechanism for Wide-Area Publish/Subscribe Systems, Proceedings of the 22nd International Conference on Distributed Computing Systems, p.516-524, July 02-05, 2002
	7	Peter R. Pietzuch , Jean Bacon, Hermes: A Distributed Event-Based Middleware Architecture, Proceedings of the 22nd International Conference on Distributed Computing Systems, p.611-618, July 02-05, 2002
	8	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	9	B. Segall and D. Arnold. Elvin has left the Building: A Publish/Subscribe Notification Service with Quenching. In Proc. of AUUG Technical Conference '97, Brisbane, Australia, Sept. 1997.
	10	C. Wang , A. Carzaniga , D. Evans , A. Wolf, Security Issues and Requirements for Internet-Scale Publish-Subscribe Systems, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.303, January 07-10, 2002