XMPP-Grid Broker

The IETF Managed Incident Lightweight Exchange (MILE) working group proposes the standard "Using XMPP for Security Information Exchange" which describes how an XMPP based publish-subscribe mechanism (XMPP-Grid) can be used to exchange security-relevant information between network endpoints.

Currently, no implementation of a production-ready and platform-independent administration interface (XMPP-Grid broker) for XMPP-Grids exists.

The goal of this thesis is to design and implement an XMPP-Grid broker to configure existing controllers (XMPP servers), focusing on portability, extensibility and the aspects of security in a production environment. The broker application should enable administrators to configure XMPP-Grids in a usable and productive way.

Our proposed architecture earmarks a purely client-side web application that communicates with the controller via WebSockets or HTTP streams (BOSH). The controller is typically protected by a reverse proxy, which also hosts our application. User logins are performed using mutual TLS authentication to conform to the IETF standard draft. The resulting application is implemented in TypeScript using the Angular5 framework.

The resulting implementation enables administrators to create and configure communication topics, apprehend the underlying hierarchy and manage permissions. Additionally, persistent items of topics can be inspected and published.

The XMPP-Grid broker implementation incorporates the specified functionality, resulting in a robust, ready-to-use solution. A few supplementary helpers, such as autocomplete or filtering, could not be implemented due to limitations of the underlying XMPP standards. In the future, it will be possible to realise these improvements by enhancing the related XMPP standards or by specifying and implementing proprietary protocols.