device-1device-1IdentityMessage BrokerIdentityMessage BrokerAccessManagementAccessManagementcloud-appcloud-appcloud-app subscribes to receive messages on a topic1mosquitto_subto receive messages on/+/messages2Acknowledge SUBSCRIBE, with QOS 0device-1 publishes a message on the topic3mosquitto_pubmessageto/device-1/messages4Print to console5Policy decision on which actions are authorizedfordevice-1on/device-1/messagesalt[device-1is authorized to publish on this topic]6Handle the incoming message7Acknowledge PUBLISHIMB forwards the message8Check whethercloud-appis subscribedto receive messages on/device-1/messagesalt[cloud-appis subscribed to the topic]9Policy decision on which actions are authorizedforcloud-appon/device-1/messagesalt[Receive allowed]10Message