Securing AMPS

One of the most important considerations when using AMPS in production is keeping your data safe. This means both ensuring that subscribers only have access to the data that they are allowed to have access to and that only authorized publishers are allowed to publish messages into the system. This chapter describes the mechanisms within AMPS to protect access to AMPS resources through client, administrative and replication connections.

In this chapter, we describe the AMPS security infrastructure and present general information about securing an AMPS installation. AMPS uses a plugin model for providing authentication and entitlement, and allows a great deal of freedom in how a given module implements security checks. This chapter discusses the concepts, principles, and guarantees that AMPS provides. The specific steps and configuration you use to secure an installation of AMPS depend on the plugin you use to secure AMPS.

There are three aspects to securing connections to AMPS:

1. Authentication assigns an identity to a connection and verifies that identity.

2. Entitlement enforces permission to access AMPS and read or write AMPS resources, based on the identity assigned to a connection.

3. The AMPS process may also need to provide credentials to another AMPS instance (for example, to secure outgoing replication).

AMPS installations typically create custom plugins for securing AMPS. These plugins integrate with the enterprise authentication and entitlement system, and are designed to enforce the policies for the specific site. For more information on developing modules for use with AMPS, contact 60East support for the AMPS Server SDK.

The AMPS distribution includes an auxiliary module that contacts a web service for authentication and entitlement. This module is described in the section RESTful Authentication and Entitlement.

The AMPS distribution also contains an entitlement module that can be used to restrict access to specific topics for all users. This module is described in the section Simple Access Entitlements.

For applications that need to connect with an existing Kerberos or LDAP system for authentication, the AMPS distribution includes an auxiliary module that can use either a Kerberos or LDAP system for authentication. This module is described in the section Multimethod Authentication.

If an installation uses Kerberos for replication security, the AMPS server must be able to provide a Kerberos token to authenticate itself to a downstream instance. For this situation, the AMPS distribution includes an authenticator that can provide Kerberos tokens, as described in the section Multimethod Authenticator.

For a situation where an outgoing replication connection needs to obtain credentials from an external source (such as generating a single use token), AMPS offers a Command Execution Authenticator to run a specific external command and read the output.