
1//! Comprehensive security implementation module for enterprise-grade authentication.
2//!
3//! This module provides advanced security features and compliance implementations
4//! designed for high-security environments including financial services, healthcare,
5//! and government applications. All implementations follow current security best
6//! practices and relevant industry standards.
7//!
8//! # Security Features
9//!
10//! - **DPoP (Demonstration of Proof-of-Possession)**: RFC 9449 implementation
11//! - **mTLS (Mutual TLS)**: Client certificate authentication
12//! - **FAPI (Financial-grade API)**: Financial industry security profile
13//! - **X.509 Certificate Management**: PKI-based authentication
14//! - **CAEP (Continuous Access Evaluation)**: Real-time access revocation
15//!
16//! # Compliance Standards
17//!
18//! - **FAPI 1.0 & 2.0**: Financial-grade API security profiles
19//! - **Open Banking**: European and UK open banking standards
20//! - **PCI DSS**: Payment card industry compliance
21//! - **NIST Cybersecurity Framework**: Government security guidelines
22//! - **ISO 27001**: Information security management
23//!
24//! # Advanced Security Properties
25//!
26//! - **Zero-Trust Architecture**: Never trust, always verify
27//! - **Defense in Depth**: Multiple layers of security
28//! - **Principle of Least Privilege**: Minimal necessary access
29//! - **Continuous Monitoring**: Real-time threat detection
30//! - **Cryptographic Agility**: Algorithm flexibility and rotation
31//!
32//! # Use Cases
33//!
34//! - **Financial Services**: Banking, payment processing, trading platforms
35//! - **Healthcare**: HIPAA-compliant medical record systems
36//! - **Government**: Classified information systems
37//! - **Enterprise**: High-security corporate applications
38//! - **IoT Security**: Device-to-device authentication
39//!
40//! # Example
41//!
42//! ```rust,no_run
43//! use auth_framework::server::security::{DpopManager, FapiManager};
44//! use std::sync::Arc;
45//!
46//! # #[tokio::main]
47//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
48//! # let jwt_validator = todo!(); // JWT validator implementation
49//! # let dpop_proof = "dummy_proof";
50//! # let access_token = "dummy_token";
51//! # let request = todo!(); // Request implementation
52//!
53//! // DPoP for token binding
54//! let dpop_manager = DpopManager::new(jwt_validator);
55//! let dpop_result = dpop_manager.validate_dpop_proof(
56//!     dpop_proof,
57//!     "POST",
58//!     "https://api.example.com/resource",
59//!     Some(&access_token),
60//!     None
61//! ).await?;
62//!
63//! // FAPI compliance validation requires proper manager setup
64//! # let config = todo!(); // FAPI config implementation
65//! # let dpop_manager_arc = Arc::new(dpop_manager);
66//! # let mutual_tls_manager = todo!(); // MutualTlsManager implementation
67//! # let par_manager = todo!(); // PARManager implementation
68//! # let private_key_jwt_manager = todo!(); // PrivateKeyJwtManager implementation
69//! # let secure_jwt_validator = todo!(); // SecureJwtValidator implementation
70//! let fapi_manager = FapiManager::new(
71//!     config,
72//!     dpop_manager_arc,
73//!     mutual_tls_manager,
74//!     par_manager,
75//!     private_key_jwt_manager,
76//!     secure_jwt_validator,
77//! );
78//!
79//! // FAPI validation with proper method call
80//! # let client_assertion = None;
81//! # let client_cert = None;
82//! # let dpop_proof_opt = None;
83//! # let authorization_code = "dummy_code";
84//! let fapi_validation = fapi_manager.validate_token_request(
85//!     client_assertion,
86//!     client_cert,
87//!     dpop_proof_opt,
88//!     authorization_code,
89//! ).await?;
90//! # Ok(())
91//! # }
92//! ```
93//!
94//! # Performance Considerations
95//!
96//! Security operations are optimized for production use with:
97//! - Efficient cryptographic operations
98//! - Minimal memory allocation
//! - Concurrency-safe implementations
100//! - Connection pooling for external services
101
// Submodules. Judging by their names, each one backs one of the features listed
// in the module docs above (CAEP, DPoP, FAPI, mTLS, X.509 signing); see each
// module for its own API documentation.
pub mod caep_continuous_access;
pub mod dpop;
pub mod fapi;
pub mod mtls;
pub mod x509_signing;

// Re-export commonly used types.
//
// NOTE(review): these glob re-exports flatten five modules into this one
// namespace. Any item name exported by two of them becomes ambiguous at every
// use site, and the public surface of `server::security` cannot be audited from
// this file alone — every new `pub` item added to a submodule is silently
// re-exported. Listing the re-exported items explicitly would keep the
// crate's public API reviewable; kept as globs here to preserve the interface.
pub use caep_continuous_access::*;
pub use dpop::*;
pub use fapi::*;
pub use mtls::*;
pub use x509_signing::*;