Service to Service - Mqtt with Istio AuthZ

Hello Users,

I am trying to implement authz for MQTT Broker [Implemented using activemq] inside the istio mesh.
Our use case is that the connecting clients (also in the istio mesh) to the activeMq MQTT broker can be restricted to say for example:
Only publish to specific topics, subscribe to specific topics etc

Essentially for the mqtt (tcp) protocol, is there any way to implement specific authZ/authn policies.

Are there any suggestions on how to solve this problem within istio mesh or any approaches?


cc @YangminZhu for the authz question.