qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gordon Sim <g...@redhat.com>
Subject Re: Creating a queue and bindings from an address in qpid.messaging / AMQP 1.0
Date Thu, 08 Aug 2013 11:51:02 GMT
On 08/08/2013 12:03 PM, Jakub Scholz wrote:
> Hi Gordon,
>
> - The auto-delete problem is entered as QPID-5053
> - The qpidt problem is entered as QPID-5054

Marvellous, thanks again! I'll get those fixed asap.

>> My one concern about using userid on its own as the default container-id
>> is where multiple processes authenticate as the same user. These would need
>> to ensure any explicit link names were unique. It also seems somewhat
>> incorrect to identify them as the same container.
>>
>
> I agree with your concern. That is why defining the container-id in the
> connection options IMHO solves the problem only partially. I can specify
> there whatever I want, but then if I run the application multiple times it
> wont be unique.
>
>
>> What about a combination of the userid and some other details more unique
>> to the process or connection ( e.g. perhaps ip & port)? That would be more
>> meaningful but also accurate by default even if multiple processes
>> authenticate as the same user.
>>
>>
> In a large AMQP networks, will the IP address be really unique? I assume it
> can happen that you have two different clients using the same IP address
> internally in their local networks (which is what the AMQP client would
> use) and connecting to the broker outside of their network over some NAT.
> So it might be only "more unique" than the user ID alone, but not really
> unique.

What about keeping the UUID but prefixing it with any authenticated 
userid? That at least means the userid will by default be in the 
subscription queue names (and easily deducible from container-id), but 
by default will always be unique also.

> I'm also wondering whether this isn't also a question of 100 people having
> 100 opinions - we might have problem finding something what would fit
> everyone.

Indeed. However we are only talking about the default. An explicit 
scheme can always be used by setting the connection option. Obviously 
this requires clients to adhere to some defined scheme. That seems 
unavoidable (but would be nice to be able to use ACL to enforce it 
perhaps, i.e. restrict use of particular container id patterns by user?)


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message