How to use the RabbitMQ user-id validation 
Saturday, November 19, 2011, 11:47 PM
I have not been posting anything in a while. But here is a new post.

What caught my attention is a simple thing - how to secure communications between two apps that talk to each other via messaging over RabbitMQ. I found out that RabbitMQ has an extension to the AMQP protocol, Validated User ID, that is supposed to serve this goal.

Yet how does it work? At first reading it does not make any sense: the sender needs to supply something, when what we actually want is for the recipient to be able to verify the sender's identity. How so?

Well it turned out quite simple:

1. The sender needs to explicitly say they want their message authenticated, i.e. not anonymous, by providing their identity in the message properties (the user_id property)
2. RabbitMQ makes sure the user id is not forged, i.e. that it matches the user the sending connection logged in as
3. The recipient may, as desired, verify that the user name of the sender application matches its expectations

Below is an example of how all this works. The application tries to send three messages: a forged one that results in an exception, an anonymous one and an authenticated one. There is also a small recipient side that illustrates how to verify the user identity.

To use the sample one needs a locally deployed RabbitMQ with the default security, i.e. guest/guest is admin. The sample is written in Python 2.7 and uses Pika 0.9.5.

Enjoy!

import pika

connection = pika.BlockingConnection(pika.ConnectionParameters('localhost'))

# Transactions are used so that a publish rejected by the broker surfaces
# as an exception on commit instead of failing silently
channel = connection.channel()
channel.tx_select()

channel.queue_declare(queue='hello')

print "try forged message"
try:
  # Rejected by the broker: user_id 'fake' does not match the user this
  # connection authenticated as ('guest'); RabbitMQ closes the channel
  # with a PRECONDITION_FAILED channel error
  channel.basic_publish(exchange='', routing_key='hello', body='Forged Message',
                        properties=pika.BasicProperties(user_id='fake'))
  channel.tx_commit()
except Exception as e:
  print "Cannot publish forged message"
  print e

# The rejected publish closed the channel, so open a new one for the rest
channel = connection.channel()
channel.tx_select()

print "try anonymous message"
try:
  # Accepted: no user_id is set, so the broker treats the message as anonymous
  channel.basic_publish(exchange='', routing_key='hello', body='anonymous Message')
  channel.tx_commit()
  print "published anonymous message"
except Exception as e:
  print "Cannot publish anonymous message"
  print e

print "try authenticated message"
try:
  # Accepted: user_id matches the user this connection authenticated as
  channel.basic_publish(exchange='', routing_key='hello', body='authenticated Message',
                        properties=pika.BasicProperties(user_id='guest'))
  channel.tx_commit()
  print "published authenticated message"
except Exception as e:
  print "Cannot publish authenticated message"
  print e

print "Listening..."
def on_receive(ch, method, properties, body):
  print "Received: %r" % (body,)
  if properties.user_id is None:
    # No identity was supplied, so there is nothing the broker could have verified
    print "Ignore anonymous message"
    return

  # At this point the broker has already verified that user_id is genuine;
  # here we can check if we trust this authenticated user...
  print "Received from user: %r" % properties.user_id
  # Stop consuming so that the connection below is closed cleanly
  ch.stop_consuming()

channel.basic_consume(on_receive, queue='hello', no_ack=True)

channel.start_consuming()

connection.close()
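The trust decision the consumer above leaves as a comment, worked through as an added example that is not part of the original post: a broker-free model of the three steps, where the broker rule, the Publish record, the 'billing' user and the allow-list are all constructed for illustration.

```python
from collections import namedtuple

# One publish as the broker sees it: the user the connection authenticated as,
# the message body, and the optional AMQP user_id property the sender set
Publish = namedtuple("Publish", ["conn_user", "body", "user_id"])

class ForgedUserId(Exception):
    """Stands in for the channel error RabbitMQ raises on a mismatching user_id."""

def broker_check(pub):
    """Step 2: the broker forwards a message only if user_id is absent
    (anonymous) or equals the user the publishing connection logged in as."""
    if pub.user_id is not None and pub.user_id != pub.conn_user:
        raise ForgedUserId("user_id %r but authenticated user was %r"
                           % (pub.user_id, pub.conn_user))
    return pub

def recipient_decision(pub, trusted_users):
    """Step 3: an anonymous message carries no verified identity, so drop it;
    a verified user_id is still only accepted if it is one we expect."""
    if pub.user_id is None:
        return "drop-anonymous"
    if pub.user_id in trusted_users:
        return "accept"
    return "drop-untrusted"

def run(publishes, trusted_users):
    """Push each publish through both checks; returns (body, outcome) pairs."""
    outcomes = []
    for pub in publishes:
        try:
            broker_check(pub)
        except ForgedUserId:
            outcomes.append((pub.body, "rejected-by-broker"))
            continue
        outcomes.append((pub.body, recipient_decision(pub, trusted_users)))
    return outcomes

# Constructed sample: the three publishes from the post, plus one from another
# genuinely authenticated user ('billing') that this consumer does not expect
SAMPLE = [
    Publish("guest", "Forged Message", "fake"),
    Publish("guest", "anonymous Message", None),
    Publish("guest", "authenticated Message", "guest"),
    Publish("billing", "from another app", "billing"),
]
TRUSTED = frozenset(["guest"])
```

The fourth case is the one the post's consumer does not exercise: a user_id the broker vouches for is still only as trustworthy as the recipient's own allow-list makes it.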

A kick in the right direction 
Friday, October 12, 2007, 11:28 PM - CMMI, CMMI Implementation
I am just back from Moldova where we conducted the initial meetings of the Moldovan IT Mark program of ESI Center Bulgaria. The IT Mark service is an interesting program that helps small companies get on the road of process improvement.

Chisinau is a nice city with a strong European flavor. I have been able to take some pictures; you can see them by clicking on the link below. If you happen to go to Moldova do try their wine, it is like no other and is quite cheap.


Click here to go to Picasa…


I will try to drop a few lines about IT Mark later when I have some spare time.

Meanwhile you can look as well at my pics from Yerevan, Armenia, where I led an Intro to CMMI training in June 2007.

Yerevan


Also note there will be an Introduction to CMMI training in Sofia, Bulgaria at the end of this month or early in November. Please contact ESI Center Bulgaria to get more info and sign up.

Endless projects? 
Tuesday, May 1, 2007, 11:07 PM - CMMI, CMMI Implementation, Introduction to CMMI course
A series of small projects or an endless project is a dilemma for all people implementing CMMI practices in an environment that operates a support team performing a series of small fixes and enhancements. Over the last week I participated on two separate occasions in discussions on how CMMI is to be applied in such environments, so here is my view on the topic and links to relevant information.

Firstly, the current version of CMMI is called CMMI-DEV, i.e. it is designed to address development organizations primarily while leaving an option of interpretation for service environments. There is going to be a separate CMMI-SVC constellation (edition) of CMMI to be announced in 2007 that will be written specifically with the problems of service organizations in mind. Thus, should one be impatient to implement CMMI, or if the service business is only a fraction of the overall business, some interpretation of CMMI-DEV will be needed.

An excellent place to start is the guideline for interpreting CMMI 1.1 in service environments released by SEI in 2005:

http://www.sei.cmu.edu/pub/documents/03 ... 3tn005.pdf

It gives a mapping/interpretation of CMMI practices in the context of a service organization. One particular area of interest is how one defines a project in a support environment.

CMMI-DEV v1.2 brought additional ease of interpretation, since special attention was paid during the design and development of the model to expanding its coverage. Most changes in this regard are in the informative material and provide notes and examples for the usage of practices in service and hardware organizations. There is however one change in the glossary that is of significant importance to this subject.

Prior to v1.2 CMMI had adopted a PMI-like definition of project, i.e. a group of resources directed towards a common goal with a definite beginning and an end. This changed in v1.2: now a project is required to have a start point but is not required to end/finish. This small change allows an organization operating a support team to maintain a single plan for maintenance that has many small phases estimated separately.

This all seemed crystal clear to me until a recent discussion on the CMMI Process Improvement Yahoo group. It turned out the first three prints of the CMMI book were flawed and provided wrong definitions of key terms like project, service and project startup. Namely, a project was mandated to have a completion, thus the view of implementation in service organizations required an artificial and totally redundant break-up of activities in a service organization into time-limited slots of say one year. This has caused confusion amongst many professionals. A special notice about the errors in the first three prints can be found in the CMMI book errata page maintained by the AW Professional web site:

http://www.awprofessional.com/content/i ... 182007.pdf

To complete our discussion, here are a few important points when you do support for a client organization:

1. CMMI-DEV v1.2 is friendly towards service environments. A few examples are the definitions of terms in the glossary: Project in the glossary is defined as something that has a start and operates according to plan. There is NO requirement for end or completion, unlike PMBOK. Thus a project can be the overall setup for delivery of products/services. Product in the glossary covers both tangible products and services. Quote: "In the CMMI Product Suite, a service is a product that is intangible and non-storable. (See also “product,” “customer,” and “work product.”)". This makes life easier in defining what the support project produces. This makes me believe you can implement CMMI-DEV practices in an environment that does small support tasks within the context of a larger contract.

2. CMMI does not prescribe a life cycle, i.e. you decide what phases you will have in servicing a request. There could be a guideline as to what is required for different types of requests, i.e. what phases. Ultimately there is sense in each practice in the CMMI model and your processes should cover all of them to be appraised. It is the business need that should drive the definition of the exact details of the performed activities and their scheduling.

3. There is one critical distinction when talking about outsourcing - who owns the processes. If it is the client organization then they ought to go for appraisal and what the supplier does is personnel leasing, i.e. the supplier ought to enhance its people management capabilities, not CMMI, maybe People CMM. If it is the service organization that owns the process then it should work on improving processes using CMMI practices.

Last but not least, I just received an e-mail from SEI to confirm the successful completion of my instructor observation for Introduction to CMMI training. I am waiting to see my name on the list published on http://partner-directory.sei.cmu.edu/

Cheers and all the best!

I am an Intro to CMMI instructor! 
Friday, April 27, 2007, 11:08 PM - CMMI, Introduction to CMMI course
Today I successfully finished the observation for becoming an Introduction to CMMI instructor.

It was a very exhausting, interesting and challenging experience.

The good thing is that there were two of us, Youri Metchev and me, teaching together so we split modules and exercises. Thus one gets time to go over the material just before presenting it and it also allows some rest between presentations. Despite this the 3 days are exhausting. Added to the teaching itself, the stress for me was quite high so this added up to the exhaustion.

There is a lot I learned preparing and actually teaching the Intro to CMMI course. You learn a lot of small tips to better present material to people. Our observer was Pat Kirwan, a great guy; he helped us evolve our teaching and presentation skills dramatically during the 3 days.

I also got really deep into the book. Before you train in the observation you realize the responsibility you take by standing in front of an audience that has invested a significant amount of money to learn something. I looked as well at the expectations and plans we made with ESI for delivering training, and this capability depends on your performance during the observation.

Well, once you realize you have prepared enough and you are not so bad at communicating to the audience, it gets much easier. Indeed you start having fun engaging people and discussing different matters. It gets tough sometimes when a strange question is thrown, but I guess this is normal. It is an intro class and people would have a hard time with even basic concepts.

Well, at the end of the day I am very, very happy. It has been a great experience and I am keen to do more training now.

My first CMMI training is scheduled! 
Thursday, April 5, 2007, 12:48 AM - CMMI
Hello,

I have just received the official confirmation from SEI that my observation Introduction to CMMI training will be on 25-27 April 2007.

This will be a public course. It will be offered in Sofia, Bulgaria. So if you would like to come please get in touch with ESI at http://www.esicenter.bg. I would be more than glad to have a bigger audience.

For details on what this training is about see the SEI official page about Introduction to CMMI training.

This is great news as both ESI and myself will have much better opportunities to help companies in the region work with the model.

I hope to see you there!