Skip to content

Operation Concepts

Andrew J. Gillis edited this page Sep 4, 2017 · 4 revisions

Authentication

Router Authentication

To authenticate Routers to Clients, deployments MUST run TLS and Clients MUST verify the Router server certificate presented. See Router Authentication in the WAMP specification.

Client Authentication

Client Authentication is described in the WAMP specification. Nexus defines a general client authentication interface and challenge-response interface, which allows developers to build any necessary authentication mechanisms, and for nexus to use then through these interfaces.

Authorization

When a client attempts to preform an action (call, register, join, publish), the WAMP router determines if the client is authorized to perform that action. Nexus provides an authorization interface, that if supplied by the router implementation, allows inspection of any client message and client session information to determine if the action is allowed. The authorization interface can also be used to intercept and modify client messages and session information.

Roles and Features

Nexus Router

The nexus router implements both the broker and dealer roles. The broker handles PubSub messages and the dealer handles routed RPC.

Broker

The router advertises the following feature support for its broker role:

  • subscriber_blackwhite_listing
  • pattern_based_subscription
  • publisher_exclusion
  • publisher_identification
  • subscription_meta_api

Dealer

The router advertises the following feature support for its dealer role:

  • call_canceling
  • call_timeout
  • caller_identification
  • pattern_based_registration
  • prosgressive_call_results
  • shared_registration
  • registration_meta_api

Nexus Client

The nexus client supports all of the following roles with the features listed for each role. The client API allows any subset of roles and features to advertised to the router, but all are advertised by default:

  • subscriber

    • pattern_based_subscription
    • publisher_identification
  • publisher

    • subscriber_blackwhite_listing
    • publisher_exclusion
  • caller

    • call_canceling
    • call_timeout
    • caller_identification
  • callee

    • pattern_based_registration
    • shared_registration
    • call_canceling
    • call_timeout
    • caller_identification
    • progressive_call_results