Conflict Detection and Lifecycle Management for Access Control in Publish/Subscribe Systems

In today's collaborative business environment there is a need to share information across organizational boundaries. Publish/Subscribe systems are ideal for such scenarios as they allow real-time information to be shared in an asynchronous fashion. In this work, we focus on the access control aspect. While access control in general for publish/subscribe systems has been studied before, their usage in a multi-organizational scenario leads to some novel challenges. Here a publisher might wish to enforce restrictions w.r.t. not only subscribers, but also other publishers publishing certain event types due to competitive or regulatory reasons. With different publishers and subscribers having their own preferences and restrictions, conflicts are evident w.r.t. both publishing and subscribing to specific event types. Given this, the first contribution of this work is to provide efficient conflict detection and resolution algorithms The other important (and often ignored) aspect of large scale and evolving systems is that of efficiently handling modifications to existing policies, e.g. a rule may become invalid after a certain period of time. Our approach in handling such modifications is two-fold: (i) to maintain consistency and (ii) to automatically detect and enforce rules which could not have been enforced earlier due to conflicts. The second contribution of our work is thus to provide lifecycle management for access control rules, which is tightly coupled with the conflict detection and resolution algorithms.