Skip to Content.
Sympa Menu

grouper-dev - [grouper-dev] Re: [cifer-api] amazon messaging poc

Subject: Grouper Developers Forum

List archive

[grouper-dev] Re: [cifer-api] amazon messaging poc

Chronological Thread 
  • From: Jim Fox <>
  • To: Chris Hyzer <>
  • Cc: "" <>, "" <>, Rob Carter <>
  • Subject: [grouper-dev] Re: [cifer-api] amazon messaging poc
  • Date: Wed, 23 Jan 2013 13:50:21 -0800 (PST)


Couple of comments.

We deal with the out-of-order problem a different way. Since our
present applications use messaging to update the state of group
resources we can simply toss out any updates that arrive after
a more recent update to the same resource has been processed.
This does require maintaining a floating cache of recent resource
update times. Looking through course enrollment updates for today,
of about 5000 membership updates only two were received out of order.

On the encryption page:

The shared secret is not so hard to revoke or change. One easy way
to do this is store the shared secrets on a web site, protected by
client passwords. As each client starts it accesses that page to
get the currently in use secrets.

Public key methods are convenient for signatures, as the sender can
easily distribute its public key (I tend to use MAC instead, though).
However, they are awkward for encryption. The sender would have to encrypt a message specifically target at each client, encrypted with that client's public key. Not an attractive situation.


On Wed, 23 Jan 2013, Chris Hyzer wrote:

Date: Wed, 23 Jan 2013 12:43:00 -0800
From: Chris Hyzer



Cc: Rob Carter
Subject: [cifer-api] amazon messaging poc

Penn is looking into an application messaging platform (for various types of
messages including authorization notifications), and we are
evaluating ActiveMQ and Amazon SNS/SQS.


Others were interested in the POC we did, so I posted it on the wiki:


There are Java coding samples for SNS/SQS and a basic load test.


Penn will be talking with Amazon next week about it, if people are thinking
of using SQS/SNS at their institution and have concerns, let me know
and I can ask J


If we go forward with them (which some of us are leaning toward), I will do
Grouper integration with SNS/SQS in two areas (at least):


1.       Change log consumer that sends messages to SNS, and the Grouper
client which receives messages from SQS, and does something

2.       Change log consumer that maintains SNS/SQS security via Grouper
permissions (i.e. allow an amazon application user to send/receive to
SNS/SQS) like this:


Comments welcome J





Ps. Jim F’s writeup on amazon is here:


Archive powered by MHonArc 2.6.16.

Top of Page