APEL/SSMOverview

From EGIWiki

These notes refer to SSM version 1. See APEL/SSM2Overview for notes on SSM2. Please send suggestions and queries to apel-admins [at] stfc.ac.uk.

Introduction

The Secure Stomp Messenger (SSM) is a Python package designed to send arbitrary files using ActiveMQ and the STOMP protocol. Its key features are:

  • It uses the underlying filesystem to store outgoing and/or incoming messages
  • It sends arbitrary files from a client to a server SSM
  • It can use any broker configured to use STOMP
  • Files are encrypted during transit using X.509 certificates
  • Files are sent sequentially - the next file is sent only when receipt of the previous file is confirmed

Interface

The SSM is designed to have a simple interface, which isolates it from any other components it may be used with.

Very simplified version

  1. The sending and receiving SSMs are configured to communicate using a specified topic.
  2. A file is written to the sending SSM's 'outgoing' directory (by some other process).
  3. The file disappears from the outgoing directory.
  4. The file appears in the receiving SSM's 'incoming' directory along with a second file containing the sending SSM's certificate DN.

Less simplified version

  • The sending SSM:
    • requests the receiving SSM's certificate
    • takes files from a directory on its filesystem
    • encrypts (using requested certificate) and signs (using own key) the files
    • sends the encrypted files to a specified ActiveMQ topic.
  • The receiving SSM:
    • receives the message from the topic
    • decrypts the message (using own key)
    • retrieves the sender's certificate (from signature)
    • stores the message and the sender's certificate DN (in separate files) in a directory on its filesystem.

Once the sending and receiving SSMs are configured and running correctly, sending a message only requires putting a file in the correct outgoing directory. The file disappears from that directory and promptly appears in the incoming directory of the receiving SSM.
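Because the receiving SSM stores each message and the sender's certificate DN in separate files, the process that consumes the incoming directory has to decide which senders it trusts. The following is an added example, not part of SSM or of the original page. The `.dn` suffix, the file names, the slash-separated DN format and the DNs themselves are assumptions made for illustration.

```python
from __future__ import annotations
import tempfile
from pathlib import Path

DN_SUFFIX = ".dn"  # assumption: hypothetical naming, the page gives no real file names

def normalise_dn(dn: str) -> str:
    """Trim whitespace around the DN and around each '/'-separated component."""
    return "/".join(part.strip() for part in dn.strip().split("/"))

def triage_incoming(incoming: Path, allowed_dns: set[str]) -> dict[str, list[str]]:
    """Sort messages into accepted/rejected/pending by the sender DN stored beside them."""
    allowed = {normalise_dn(d) for d in allowed_dns}
    result: dict[str, list[str]] = {"accepted": [], "rejected": [], "pending": []}
    for msg in sorted(incoming.iterdir()):
        if not msg.is_file() or msg.name.endswith(DN_SUFFIX):
            continue
        dn_file = msg.with_name(msg.name + DN_SUFFIX)
        if not dn_file.is_file():
            # No DN file: the sender is unknown, so the message is not processed.
            result["pending"].append(msg.name)
            continue
        dn = normalise_dn(dn_file.read_text(encoding="utf-8"))
        # Exact match on the full DN. Prefix, substring or CN-only matching
        # would accept a certificate whose subject merely resembles a trusted one.
        result["accepted" if dn in allowed else "rejected"].append(msg.name)
    return result

def demo() -> dict[str, list[str]]:
    """Build a constructed incoming directory and triage it."""
    trusted = "/C=UK/O=ExampleGrid/OU=SiteA/CN=ssm.site-a.example.org"
    samples = {  # constructed sample data
        "msg001": trusted + "\n",
        "msg002": trusted + ".other.example\n",  # look-alike subject
        "msg003": None,                          # DN file missing
    }
    with tempfile.TemporaryDirectory() as tmp:
        inc = Path(tmp)
        for name, dn in samples.items():
            (inc / name).write_text("accounting record\n", encoding="utf-8")
            if dn is not None:
                (inc / (name + DN_SUFFIX)).write_text(dn, encoding="utf-8")
        return triage_incoming(inc, {trusted})
```

Calling `demo()` accepts `msg001`, rejects `msg002` because its DN only starts with a trusted one, and leaves `msg003` pending because no DN file accompanies it.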