Grouper Developers Forum

[Chris Hyzer <>]

With activemq you can use ldap to secure messaging queues/topics:

 

http://fusesource.com/docs/broker/5.5/security/LDAP-AddAuthzEntries.html

 

I think with bushy groups, and a group per permissions action, you could accomplish this easily with the psp. 

 

I was thinking of making an activemq plugin that works with Grouper permissions via WS and cached locally (similar to the unix command permissions example linked below).  Any thoughts on this approach or interest in using such a thing?

 

i.e. you could control which topics or queues in the message system that service principals can read/write/admin.  We would need certain principals to be able to create their own topics/queues (give CREATE on the activemq grouper folder?), and also be able to make things public (assign to GrouperAll).

 

Thanks,

Chris

 

Ps. here is the unix file command example:

 

https://spaces.internet2.edu/display/Grouper/Managing+unix+commands+with+Grouper+permissions+example

 

pps.  And yes, the activemq system itself could be responsible for the real time message updates of its own permissions perhaps out of the box with the xmpp connector… J