auth_framework/server/security/mod.rs
1//! Comprehensive security implementation module for enterprise-grade authentication.
2//!
3//! This module provides advanced security features and implementations of the security
4//! profiles that high-security environments such as financial services, healthcare,
5//! and government applications rely on. Implementations follow current security best
6//! practices and relevant industry standards; compliance itself remains a property of the deploying system.
7//!
8//! # Security Features
9//!
10//! - **DPoP (Demonstrating Proof-of-Possession)**: RFC 9449 implementation
11//! - **mTLS (Mutual TLS)**: Client certificate authentication
12//! - **FAPI (Financial-grade API)**: Financial industry security profile
13//! - **X.509 Certificate Management**: PKI-based authentication
14//! - **CAEP (Continuous Access Evaluation Profile)**: Real-time access revocation
15//!
16//! # Compliance Standards
17//!
18//! - **FAPI 1.0 & 2.0**: Financial-grade API security profiles
19//! - **Open Banking**: European and UK open banking standards
20//! - **PCI DSS**: Payment card industry compliance
21//! - **NIST Cybersecurity Framework**: Government security guidelines
22//! - **ISO 27001**: Information security management
23//!
24//! # Advanced Security Properties
25//!
26//! - **Zero-Trust Architecture**: Never trust, always verify
27//! - **Defense in Depth**: Multiple layers of security
28//! - **Principle of Least Privilege**: Minimal necessary access
29//! - **Continuous Monitoring**: Real-time threat detection
30//! - **Cryptographic Agility**: Algorithm flexibility and rotation
31//!
32//! # Use Cases
33//!
34//! - **Financial Services**: Banking, payment processing, trading platforms
35//! - **Healthcare**: HIPAA-compliant medical record systems
36//! - **Government**: Classified information systems
37//! - **Enterprise**: High-security corporate applications
38//! - **IoT Security**: Device-to-device authentication
39//!
40//! # Example
41//!
42//! ```rust,no_run
43//! use auth_framework::server::security::{DpopManager, FapiManager};
44//! use auth_framework::{SecureJwtValidator, SecureJwtConfig};
45//!
46//! # #[tokio::main]
47//! # async fn main() -> Result<(), Box<dyn std::error::Error>> {
48//! # let dpop_proof: String = unimplemented!();
49//! # let access_token: String = unimplemented!();
50//! # let request: () = ();
51//! let jwt_validator = SecureJwtValidator::new(SecureJwtConfig::default())?;
52//!
53//! // DPoP for token binding
54//! let dpop_manager = DpopManager::new(jwt_validator);
55//! let dpop_result = dpop_manager.validate_dpop_proof(
56//!     &dpop_proof,
57//!     "POST",
58//!     "https://api.example.com/resource",
59//!     Some(&access_token),
60//!     None
61//! ).await?;
62//!
63//! // FAPI compliance validation
64//! # let config: auth_framework::server::security::fapi::FapiConfig = unimplemented!();
65//! // FapiManager requires dpop_manager, mtls_manager, par_manager, private_key_jwt_manager, and jwt_validator
66//! # let fapi_manager: auth_framework::server::security::FapiManager = unimplemented!();
67//! # Ok(())
68//! # }
69//! ```
70//!
71//! # Performance Considerations
72//!
73//! Security operations are optimized for production use with:
74//! - Efficient cryptographic operations
75//! - Minimal memory allocation
76//! - Concurrent-safe implementations
77//! - Connection pooling for external services
78
79pub mod caep_continuous_access;
80pub mod dpop;
81pub mod fapi;
82pub mod mtls;
83pub mod x509_signing;
84
85// Re-export commonly used types. These are glob re-exports, so every public item of the
// submodules below becomes part of this module's API (a new `pub` item in a submodule widens
// it), and a name defined in two submodules is ambiguous at use sites.
86pub use caep_continuous_access::*;
87pub use dpop::*;
88pub use fapi::*;
89pub use mtls::*;
90pub use x509_signing::*;