I am working on power monitoring and want to send live power data to authorised users only. Some users have opted to install power sensors in their houses, others are viewing those sensors. Each sensor sends samples to a Twisted backend - the goal is to have this backend forward the data to JavaScript running in the browser.
My current solution to forwarding the data is an Orbited server and an instance of MorbidQ (MorbidQ is a STOMP server). Each building in my system (example here) has its own channel for updates. The Twisted backend broadcasts the data through the MorbidQ channel to anyone watching, but anyone can watch. There is an entry on my blog about the data flow from sensor to site.
For many buildings, I only want a couple of users to be able to see live data in a given building. I would like to use Django Auth if possible, or some sort of workaround if not.
What is the easiest way to secure these channels per user? Can I use Django Auth? Should I use RabbitMQ or ActiveMQ instead of MorbidQ? What measures can I take to keep this solution secure?
For coding I am most confident in C++ and Python.
Thanks!
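One way to gate the per-building channels described in the question, as an added example that is not part of the original post: a login-protected Django view issues a short-lived HMAC-signed token for one building, and the Twisted backend checks it before attaching a client to that building's feed. The function names, token format, shared secret and the `BUILDING_VIEWERS` table (standing in for a Django auth permission lookup) are all assumptions.

```python
import base64
import hashlib
import hmac
import time

# Constructed sample data. Assumption: the secret is shared by Django and the
# Twisted backend, and the viewer table would really come from Django auth.
SECRET = b"constructed-demo-secret"
BUILDING_VIEWERS = {"building-1": {"alice", "bob"}, "building-2": {"carol"}}


def _sign(payload: bytes, secret: bytes) -> bytes:
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)


def issue_token(user, building, secret=SECRET, ttl=60, now=None):
    """Django side (hypothetical helper): return 'user|building|expiry|mac',
    or None when the user is not allowed to view this building."""
    if user not in BUILDING_VIEWERS.get(building, set()):
        return None
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{user}|{building}|{expiry}"
    return f"{payload}|{_sign(payload.encode(), secret).decode()}"


def may_subscribe(token, building, secret=SECRET, now=None):
    """Backend side (hypothetical helper): decide whether to attach a client
    to a building's feed. Every failure path returns False (fail closed)."""
    try:
        payload, mac = token.rsplit("|", 1)
        user, tok_building, expiry = payload.split("|")
        expiry = int(expiry)
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    # Constant-time comparison over the exact bytes that were signed.
    if not hmac.compare_digest(mac.encode(), _sign(payload.encode(), secret)):
        return False  # forged or tampered token
    if tok_building != building:
        return False  # valid token presented for a different channel
    return (time.time() if now is None else now) < expiry
```

The check only helps if clients cannot subscribe to the broker directly; the backend (or a broker-side auth hook) has to be the only path onto a building's channel.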